General
-
Target
Loader.exe
-
Size
2.1MB
-
Sample
241217-xyb54swnbj
-
MD5
084519881ac16c16cf9206f97a68f79e
-
SHA1
7b0fbc312ec9176a69ccb3036636e2423320cd79
-
SHA256
89057bbeb5618835524cf8fc3a645fc5137553638520e763901fa1f2f8cdbe66
-
SHA512
84b2867560cdbd3ca797196b208495631e49a87a2ea7451d6d68b52ea1ada0546c81d9b2e37b630440565cd53661c6541eb91c8bd662bb10780f87a7c7db5633
-
SSDEEP
49152:4ZZosvRgdkadC7i03aQAZutzArxizJZTrEbupmpVwMgc:4ZZostak7RGuqGJZXdpmIn
Static task
static1
Behavioral task
behavioral1
Sample
Loader.exe
Resource
win7-20240708-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
193.161.193.99:53757
hsaurcrgqwhjimnkbht
-
delay
1
-
install
true
-
install_file
Load.exe
-
install_folder
%AppData%
Targets
-
-
Target
Loader.exe
-
Size
2.1MB
-
MD5
084519881ac16c16cf9206f97a68f79e
-
SHA1
7b0fbc312ec9176a69ccb3036636e2423320cd79
-
SHA256
89057bbeb5618835524cf8fc3a645fc5137553638520e763901fa1f2f8cdbe66
-
SHA512
84b2867560cdbd3ca797196b208495631e49a87a2ea7451d6d68b52ea1ada0546c81d9b2e37b630440565cd53661c6541eb91c8bd662bb10780f87a7c7db5633
-
SSDEEP
49152:4ZZosvRgdkadC7i03aQAZutzArxizJZTrEbupmpVwMgc:4ZZostak7RGuqGJZXdpmIn
-
Asyncrat family
-
Async RAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-