General
- Target: b63bf28780e02bf0bb1bb59dec135e6263f4c582724c95eee0519b279022f31c.exe
- Size: 810KB
- Sample: 241219-eb878awndx
- MD5: 87c051a77edc0cc77a4d791ef72367d1
- SHA1: 5d5bab642235f0af7d9afe3cacec5ae2a4cfc8e5
- SHA256: b63bf28780e02bf0bb1bb59dec135e6263f4c582724c95eee0519b279022f31c
- SHA512: 259a3f823d5051fcc9e87ceacf25557ab17f5d26ff4f0c17801d9ef83a23d2a51261a73e5ba9c3caf1ca2feb18a569458f17a2a5d56b542b86d6a124a42d4c2c
- SSDEEP: 12288:FCxMe2dk7YgL+OsQdFGHjaRYf9bquEZ68ufU3wqB2ydPsW/w0bvf:FsMe2KYIDpSO5vZ68FwqB2aPsW3
Static task: static1
Behavioral task: behavioral1
- Sample: b63bf28780e02bf0bb1bb59dec135e6263f4c582724c95eee0519b279022f31c.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.2
- Default
- C2: 47.238.55.14:4449
- rqwcncaesrdtlckoweu
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: b63bf28780e02bf0bb1bb59dec135e6263f4c582724c95eee0519b279022f31c.exe
- Size: 810KB
- MD5: 87c051a77edc0cc77a4d791ef72367d1
- SHA1: 5d5bab642235f0af7d9afe3cacec5ae2a4cfc8e5
- SHA256: b63bf28780e02bf0bb1bb59dec135e6263f4c582724c95eee0519b279022f31c
- SHA512: 259a3f823d5051fcc9e87ceacf25557ab17f5d26ff4f0c17801d9ef83a23d2a51261a73e5ba9c3caf1ca2feb18a569458f17a2a5d56b542b86d6a124a42d4c2c
- SSDEEP: 12288:FCxMe2dk7YgL+OsQdFGHjaRYf9bquEZ68ufU3wqB2ydPsW/w0bvf:FsMe2KYIDpSO5vZ68FwqB2aPsW3
Signatures
- Asyncrat family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist