General
Target: bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5N.exe
Size: 571KB
Sample: 241216-mc32lawmgv
MD5: fa5c1bd700ac8b0b4035f607c6ee7ea0
SHA1: beba6ca16333e1480d201150ef2f02fbd1e4b613
SHA256: bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5
SHA512: 715def92ccc0f54a20428073fdaad05eeea1136e190fb16f9c53f9b0bf504b3eeeda4c6435c922239f40e80b989474ba80cc76f048ff553a360ec75fe81860ef
SSDEEP: 12288:Fw6EjbSan4SRRRtK9mFuj0FaUua1AVsqTTCJVMf:xEjbESRbtK94u4uYARXCJVi
Static task: static1
Behavioral task: behavioral1
Sample: bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5N.exe
Resource: win7-20240903-en
Malware Config (Extracted)
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Night -job
62.210.189.1:4449
163.172.121.118:4449
system-verison-window protection
delay: 0
install: true
install_file: system.exe
install_folder: %AppData%
Targets
Target: bdb7a3283cbf0d20271acacbb1aea2f94018b4e477049c706be3cf66cc3239f5N.exe
- Asyncrat family
- Venomrat family
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext