Analysis
  max time kernel: 148s
  max time network: 126s
  platform: windows10-2004_x64
  resource: win10v2004-20241007-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 20-10-2024 09:26
Behavioral task: behavioral1
  Sample: Client.exe
  Resource: win7-20240903-en
  windows7-x64
  5 signatures
  150 seconds
General
  Target: Client.exe
  Size: 74KB
  MD5: 0e4a7532d82b9a4004760c3c45fa941c
  SHA1: c2906c1a81def0e14b8e388426e51d189a66a9ed
  SHA256: d2ddd856c70613cbe88343b38911f9c5294fc18e49d11b7d2eddccfebd1f8146
  SHA512: d9e56b6ce994f4c8a69e97d51bfbeba150b4fbb76833d701c614debd8d51dd6aa918d620fa47c47e8bfba2e91e358ae5d7b8bdfa1a3b8c1830cbe4c0604d4d91
  SSDEEP: 1536:EUEkcx4VHsC0SPMV7e9VdQuDI6H1bf/5QhQzc2LVclN:EUxcx4GfSPMV7e9VdQsH1bfRsQPBY
Malware Config
Extracted
  Family: asyncrat
  Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
  Botnet: Default
  C2: 127.0.0.1:29983
  Mutex: pcysahfubcimdxqfhyl
  Attributes:
    delay: 1
    install: false
    install_folder: %AppData%
  aes.plain
Signatures

  Processes:
    resource                                                                         yara_rule
    behavioral2/memory/1220-1-0x00000000008F0000-0x0000000000908000-memory.dmp      VenomRAT

Suspicious behavior: EnumeratesProcesses (31 IoCs)
  Processes:
    pid    process
    1220   Client.exe    (same row repeated for all 31 IoCs)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description                pid    process
    Token: SeDebugPrivilege    1220   Client.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid    process
    1220   Client.exe