General
- Target: test denovo.exe
- Size: 74KB
- Sample: 241201-h3rzsssrdr
- MD5: 4330642b1f3c75e376da876245138800
- SHA1: 72228b675c946ecbdefa9fc0938d04861b8acd89
- SHA256: c12d0924a3ff38fad8d7aa4fa9abeafd2dec07b452bd0d5d10af5f5b07f244e7
- SHA512: c892485efc7326ea02dfbc9ce6058289058f485ebfbdf0ea0507036690beb7c51a3e8cd5f06fa8343d69f69abccdf30f9d3882dc0133c34a22debcb31374d74d
- SSDEEP: 1536:5UNQcx6ZoCrGPMVU+/sIRH1bJ/SOlgNQzcyLVclN:5Uicx6qQGPMVU+/PH1bJbl8QjBY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
127.0.0.1:1177
127.0.0.1:21053
187.18.72.113:1177
187.18.72.113:21053
189.14.62.242:1177
189.14.62.242:21053
192.168.1.6:1177
192.168.1.6:21053
210.53.210.53:1177
210.53.210.53:21053
10.9.237.62:1177
10.9.237.62:21053
aewfcdorqvoec
- delay: 1
- install: true
- install_file: start.exe
- install_folder: %Temp%
Targets
- Target: test denovo.exe
- Size: 74KB
- MD5: 4330642b1f3c75e376da876245138800
- SHA1: 72228b675c946ecbdefa9fc0938d04861b8acd89
- SHA256: c12d0924a3ff38fad8d7aa4fa9abeafd2dec07b452bd0d5d10af5f5b07f244e7
- SHA512: c892485efc7326ea02dfbc9ce6058289058f485ebfbdf0ea0507036690beb7c51a3e8cd5f06fa8343d69f69abccdf30f9d3882dc0133c34a22debcb31374d74d
- SSDEEP: 1536:5UNQcx6ZoCrGPMVU+/sIRH1bJ/SOlgNQzcyLVclN:5Uicx6qQGPMVU+/PH1bJbl8QjBY
- Asyncrat family
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE