General
-
Target
WaveInstaller.exe
-
Size
1.6MB
-
Sample
240705-td8f2atdrb
-
MD5
00799dbcc9576bd4e72bef9700f27c1a
-
SHA1
775d737e89f7a03209e383f3f3cb4fc1176865fe
-
SHA256
b86a0eaa31ac1716902429c6bbef6b21ee987e667da7b236200b0199db69b837
-
SHA512
ebef9a957a4c6e697e77ab01db5b45491a35cf5222bf332a7f7ee948783aaa0f96af7b627ba47bcfc193d3988a77a8d093379558aa0fa2556966ce84b1b54f9b
-
SSDEEP
24576:2kxTd6WYLGJOgDLPgOAVG/v9l3bP0urOvGwaNmIfKG5xL/dEuvS:XciOgPPgOGG/vT7rrUGwaUIiG5lFS
Static task
static1
Behavioral task
behavioral1
Sample
WaveInstaller.exe
Resource
win7-20240508-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
excrnlqzxfdl
-
delay
1
-
install
true
-
install_file
Registry.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/w5QC7zcd
Targets
-
-
Target
WaveInstaller.exe
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-