Analysis

Max time kernel: 147s
Max time network: 16s
Platform: windows7_x64
Resource: win7-20240729-en
Resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
Submitted: 15-12-2024 17:12

Behavioral task: behavioral1
Sample: hh.exe
Resource: win7-20240729-en (windows7-x64)
7 signatures, 150 seconds
General

Target: hh.exe
Size: 74KB
MD5: 2c43c5cd1bba8a4fa23b867065253068
SHA1: c6649471b371fcde5f52c23b8ca74fdc9451bdce
SHA256: 12a5bcb300a793abd9b400aa92a187d175500700de373e32989ba99cc7d198fd
SHA512: f7795d8fd05833d02280ede7e39ad4e39daa527b270d1563d67902b9c30f7fc8176ac215d7fe538f1d3dc71d3a2812dd00f94e05df8deaa862c0e82b58bf7f43
SSDEEP: 1536:gUEkcx4VHsC0SPMVeY7AX0I9H1bORi4zzeFQzcSLVclN:gUxcx4GfSPMVX0XzH1bOZzaQDBY
Malware Config

Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 127.0.0.1:4449 (loopback address; not a usable network indicator, so pivot on the hashes and mutex instead)
Mutex: exyujhmexylpfeeot
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
  aes.plain
Signatures

Asyncrat family
  resource: behavioral1/memory/2604-1-0x00000000008F0000-0x0000000000908000-memory.dmp
  yara_rule: VenomRAT
Venomrat family

Suspicious behavior: EnumeratesProcesses (38 IoCs)
  pid 2604, process hh.exe (38 occurrences)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 2604, process hh.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid 2604, process hh.exe
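The report's indicators come out flattened, and not all of them are equally useful: the C2 is a loopback address, so only the hashes, the mutex and the in-memory YARA hit are worth acting on. The following triage helper is an added example, not part of the sandbox report or the sandbox's own tooling. It takes a constructed excerpt of the report (values copied from the page, line layout assumed), validates the hash fields, flags whether the C2 is routable, and turns the memory-dump IoC into pid, address range and size.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt of the report above, reduced to the lines the parser needs.
# The values are the page's own; the "key value" line layout is this example's assumption.
REPORT = """\
MD5 2c43c5cd1bba8a4fa23b867065253068
SHA1 c6649471b371fcde5f52c23b8ca74fdc9451bdce
SHA256 12a5bcb300a793abd9b400aa92a187d175500700de373e32989ba99cc7d198fd
C2 127.0.0.1:4449
Mutex exyujhmexylpfeeot
resource yara_rule behavioral1/memory/2604-1-0x00000000008F0000-0x0000000000908000-memory.dmp VenomRAT
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp <rule name>
MEMDUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)"
    r"-memory\.dmp\s+(?P<rule>\S+)"
)


@dataclass(frozen=True)
class MemoryHit:
    pid: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def validate_hash(algo: str, value: str) -> bool:
    """True if value is lowercase hex of the length the algorithm requires."""
    n = HASH_LENGTHS.get(algo)
    return n is not None and len(value) == n and re.fullmatch(r"[0-9a-f]+", value) is not None


def parse_hashes(text: str) -> dict:
    """Collect hash fields, rejecting truncated or non-hex values early."""
    hashes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in HASH_LENGTHS:
            if not validate_hash(parts[0], parts[1]):
                raise ValueError(f"malformed {parts[0]}: {parts[1]}")
            hashes[parts[0]] = parts[1]
    return hashes


def parse_c2(text: str):
    """Return (host, port, routable). Loopback and private hosts are not usable network IoCs."""
    m = re.search(r"^C2\s+(\S+):(\d+)$", text, re.M)
    if not m:
        return None
    host, port = m.group(1), int(m.group(2))
    try:
        routable = ipaddress.ip_address(host).is_global
    except ValueError:
        routable = True  # hostname rather than a literal IP: decide after resolving it
    return host, port, routable


def parse_mutex(text: str):
    m = re.search(r"^Mutex\s+(\S+)$", text, re.M)
    return m.group(1) if m else None


def parse_memory_hits(text: str) -> list:
    return [
        MemoryHit(int(m["pid"]), int(m["start"], 16), int(m["end"], 16), m["rule"])
        for m in MEMDUMP_RE.finditer(text)
    ]


def triage(text: str) -> dict:
    """Host-side and network-side indicators, with a flag for whether the C2 is actionable."""
    c2 = parse_c2(text)
    return {
        "hashes": parse_hashes(text),
        "c2": c2[:2] if c2 else None,
        "c2_actionable": bool(c2 and c2[2]),
        "mutex": parse_mutex(text),
        "memory_hits": parse_memory_hits(text),
    }


if __name__ == "__main__":
    t = triage(REPORT)
    for hit in t["memory_hits"]:
        print(f"{hit.rule} hit in pid {hit.pid}: 0x{hit.start:X}-0x{hit.end:X} ({hit.size} bytes)")
    print("C2 actionable:", t["c2_actionable"], t["c2"])
```

On this report the memory hit resolves to pid 2604 and a 0x18000-byte (96 KiB) region, larger than the 74KB file on disk, which is what a mapped image of the executable looks like rather than a raw file copy; the C2 comes back as not actionable because 127.0.0.1 is loopback.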