General
-
Target
2940-18-0x0000000000400000-0x0000000000418000-memory.dmp
-
Size
96KB
-
MD5
a2080b70093b74cd20f8cd4977d53f50
-
SHA1
4720eaead2907f174167a00fc63b105987cb4b77
-
SHA256
731d0fc8d1e583fb5d30cc691b298bfe5137ac1f2220e535e4e2faf5fa31caa0
-
SHA512
b156ca8e45400638f814cf5c3c609f1943f4fb98dd67f661d074fa1b9f8d03c2b5293ecad785f1be42b5463112742dbe7daf02b7d01448c9fae12a7ef6aee784
-
SSDEEP
1536:QUswcx6DkaCWmPMVye9VdQuDI6H1bf/FBfXhNbhmQzc:QU5cx6DFxmPMVye9VdQsH1bfdBfXhPmQ
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
Default
C2
185.208.158.187:4449
Mutex
tnybaidkzovl
Attributes
-
delay
10
-
install
true
-
install_file
NotepadUpdate.exe
-
install_folder
%AppData%
aes.plain
Signatures
-
Asyncrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2940-18-0x0000000000400000-0x0000000000418000-memory.dmp
Headers
Sections