Behavioral task: behavioral1
Sample: eeeeeee.exe
Resource: win7-20240903-en
General
Target: eeeeeee.exe
Size: 74KB
MD5: 0e25636a64d8988a2f2a18a7969626d2
SHA1: 524b58b47fd563b37ffc9c363d8c09101cacd2d4
SHA256: 8dc4278083a8db73ad2499dcc55a2a5ce44b5bbfe7c2e4776d61597c9634e645
SHA512: 248187747727b6875ba1df02547fc2c098c8d90615fcf6626f328ce31d183b9c99f779ccd0d25aaef003b89bdf830715786b46c5a543346316ff1b4608d6a6cd
SSDEEP: 1536:3UFAcxehvCw2PMV21ricIMW1bH//giTQzcGLVclN:3U6cxe1/2PMV8ri+W1bH3XTQfBY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
88.173.32.153:8081
ogjwcholityhqynwcm
delay: 1
install: false
install_file: meme
install_folder: %AppData%
Signatures
Async RAT payload 1 IoCs
Processes:
resource: sample; yara_rule: family_asyncrat
Asyncrat family
Processes:
resource: sample; yara_rule: VenomRAT
Venomrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource eeeeeee.exe
Files
eeeeeee.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ