Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20241010-en
General
-
Target
Client.exe
-
Size
75KB
-
MD5
0cc47ff18d0e3298f9beab60d3aa579e
-
SHA1
67c3020a046707cbde4dea02352272d6e6b77189
-
SHA256
87dc5fec26bd15e8a2d4d47a3d29b8fe43be265666770bdecfb496c77c0e3212
-
SHA512
e0f0627aa715665a27e3b505af264c3c2500b9414764d028fa0ecba0dc979a187f75baf4f97b4793b31325dda65310d8a3e3eccfe676b1f7b13e47334b5fe5b3
-
SSDEEP
1536:fukU0OSeCX/PMRkYKt2OlY6H1bf/i7AkzkiLVclN:fXUHjAPMRkYv4jH1bfVk7BY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
51.254.53.24:4449
86.68.222.14:4449
ygfmgwcmzefwhl
-
delay
1
-
install
false
-
install_folder
%AppData%
Signatures
-
Async RAT payload 1 IoCs
Processes:
resource yara_rule sample family_asyncrat -
Asyncrat family
-
Processes:
resource yara_rule sample VenomRAT -
Venomrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Client.exe
Files
-
Client.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ