Behavioral task: behavioral1
Sample: 1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374.exe
Resource: win7-20240611-en
General
Target: 1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
Size: 73KB
MD5: af90f03a23c6af39ca50fc618b066c2b
SHA1: 955cf4e596dd113ea97d8bd234e09cc4a4584ad9
SHA256: 1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
SHA512: 15f383e541c3bc9c2143adda1dbfad2ca2114264a2a05d623404a8439567bd33a59136833976b4bdbebf4b0b012af39bc136b74b9ac187a3b4d9ec083e1df5ff
SSDEEP: 1536:oUYccx4y3lCl6PMVp7TNyIB21bl/5OdxQzc33VclN:oUlcx4yVy6PMVp7Bl21blCQSlY
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
147.185.221.20:46193
tesargwffegsrgdrtgr5eg4re5gy756u6j7
delay: 1
install: true
install_file: 12345.exe
install_folder: %AppData%
Signatures
Asyncrat family
Detects executables attempting to enumerate video devices using WMI (1 IoC)
Processes: resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes: resource 1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374
Files
1379e10d0f09454dec7701917db4752dabbe57bac4381d4c9a4c105244612374.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ