General
- Target: IYBF9_Client.exe
- Size: 74KB
- Sample: 241216-sqjg1atley
- MD5: 4e621ed074da8d121a8f419c00cb4c3a
- SHA1: 723df7256adbaddecf269abfd255d28b5b860f1e
- SHA256: dca4f9884f0b0f5a1c534b3b2d867714b6ea7eac807bacf9e487e9a8d7e34355
- SHA512: 77ebc87c1582d1f83195d2dd0f76432f895acac7b07cb1bca6599d7c42d83a544abcf719d9d80fc6e51cda05c6d9e3af06daed17a8fe970425030ab5fd0aaa1f
- SSDEEP: 1536:SUaAcx2l/Cx2PMVie9VdQuDI6H1bf/k0WQzcuLVclN:SUDcx2Bq2PMVie9VdQsH1bfcjQnBY
Behavioral task: behavioral1
- Sample: IYBF9_Client.exe
- Resource: win7-20241023-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
127.0.0.1:4449
5.20.104.111:4449
kekagthwfcue
- delay: 1
- install: true
- install_file: defender.exe
- install_folder: %AppData%
Targets
- Target: IYBF9_Client.exe
- Asyncrat family
- Venomrat family
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE