General
-
Target
Client.exe
-
Size
73KB
-
Sample
241224-feba2a1phx
-
MD5
16df4c5cd796674b00ce1057951723de
-
SHA1
b3e9b12be9137cbe47be8efc0cafe41ff5a1a8a9
-
SHA256
831e0d88c9a9e96dc0ce0b979ca353ec40925673f3fcc51267d9d1a6cdc11a33
-
SHA512
770a8ce19d10ab145ae1751c3f4fb7d6fe041fe451a30eee3856e6ddaff6bfa0bea79c1f023e56993ae7ba3d5718bcdd78b4acc22f6badf31ec75f081e65cc6f
-
SSDEEP
1536:wULkcxVKpC6yPMVKe9VdQkhDIyH1bf/S6xb2SQzc33VclN:wUocxVENyPMVKe9VdQgH1bfKG2SQSlY
Behavioral task
behavioral1
Sample
Client.exe
Resource
win11-20241007-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
zabblfdkiqcnixcr
-
delay
1
-
install
false
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/sG1KxVNw
Targets
-
-
Target
Client.exe
-
Size
73KB
-
MD5
16df4c5cd796674b00ce1057951723de
-
SHA1
b3e9b12be9137cbe47be8efc0cafe41ff5a1a8a9
-
SHA256
831e0d88c9a9e96dc0ce0b979ca353ec40925673f3fcc51267d9d1a6cdc11a33
-
SHA512
770a8ce19d10ab145ae1751c3f4fb7d6fe041fe451a30eee3856e6ddaff6bfa0bea79c1f023e56993ae7ba3d5718bcdd78b4acc22f6badf31ec75f081e65cc6f
-
SSDEEP
1536:wULkcxVKpC6yPMVKe9VdQkhDIyH1bf/S6xb2SQzc33VclN:wUocxVENyPMVKe9VdQgH1bfKG2SQSlY
Score10/10-
Asyncrat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-