Analysis
- max time kernel: 146s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20250314-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/03/2025, 19:46
Behavioral task: behavioral1
- Sample: Client.exe
- Resource: win7-20240903-en
- 7 signatures
- 150 seconds
General
- Target: Client.exe
- Size: 74KB
- MD5: 6a8dc5c4d8d1268c80ec390ecc42928f
- SHA1: 73b18060ecb59d943af0ceb663a24e54ecb9a5b4
- SHA256: f61d7473bd3d17fbb710ebf01d7a9f2b545a7f084ef49f7d7e2c3b39a63783ad
- SHA512: 6ee01a6a2a8a70191153d1575ab65a2d5c300f53dd7434b1687f6bd16158b1f214f176ce9b67d13339e3dd8e87a660262678fb2dd9d12d921b3c5feba66e9dc0
- SSDEEP: 1536:EUEkcx4VHsC0SPMV7e9VdQuDI6H1bf/Y4Qzc2LVclN:EUxcx4GfSPMV7e9VdQsH1bfQ4QPBY
Malware Config (Extracted)
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- C2: 132.145.75.68:5450
- Mutex: ymydqsymqvxxbvpvyq
- Attributes:
  - delay: 1
  - install: false
  - install_folder: %AppData%
- aes.plain
Signatures
- Asyncrat family
  resource: behavioral2/memory/772-1-0x0000000000D10000-0x0000000000D28000-memory.dmp, yara_rule: VenomRAT
- Venomrat family
- Suspicious behavior: EnumeratesProcesses (28 IoCs)
  pid 772, Process Client.exe (the same entry is listed 28 times)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid 772, Process Client.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 772, Process Client.exe