General
Target: win10.cmd
Size: 3KB
Sample: 241025-ranlca1aph
MD5: e62a670dce5171d5ffc8cdc9d1897f1e
SHA1: 1f1641255d816783f7eac72f7359dd886ddaa164
SHA256: 37e3fb24bc4ea36c7363a55ca99539a5c91aa5600739a652deb3fbbbcab9b2d5
SHA512: f7615a367da1bfabc4cf9fad782154342c14bca6cca448b493cc3ee0328c1267f6b91beeb6e12ece409b72429eb9bb23154aaa682cb49157867b5d3c593d4557
Static task: static1
Behavioral task: behavioral1 (Sample: win10.cmd, Resource: win7-20240729-en)
Behavioral task: behavioral2 (Sample: win10.cmd, Resource: win10v2004-20241007-en)
Malware Config
Extracted URL: http://72.5.43.223/gdHydhxad/win10.zip
Extracted family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.2
Botnet: Default
C2: 72.5.43.15:4449
Mutex: yezcydjwbxouz
Attributes:
  delay: 1
  install: true
  install_file: win.exe
  install_folder: %AppData%
Targets
Target: win10.cmd
Size: 3KB
Signatures
- Asyncrat family
- Async RAT payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Modifies Windows Firewall
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (2)
    PowerShell (2)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)