Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
07-07-2022 05:23
General
-
Target
15d452fc138d1b3861e3bdb0999f2d82.exe
-
Size
65KB
-
MD5
15d452fc138d1b3861e3bdb0999f2d82
-
SHA1
5cfd69b9e88ef7e160586324c35c394400e61422
-
SHA256
69af22840532cf62ee50bf6f226defff941c997fb83bb688fc9a39199cbc9f3c
-
SHA512
e722f3329569b51f36d86fdfd9005702a84e92d479f769d9065d90e7f1a9dcb1a3082c7ab6e0f838e2befa63ac938481a02863ce534a5cf848909d9976b4d53b
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
VenomRAT_HVNC 5.0.4
Botnet
Venom Clients
C2
45.134.140.152:60060
Mutex
naxxygtxgexddkrzk
Attributes
-
delay
0
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15d452fc138d1b3861e3bdb0999f2d82.exe"C:\Users\Admin\AppData\Local\Temp\15d452fc138d1b3861e3bdb0999f2d82.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3020-130-0x0000000000220000-0x0000000000236000-memory.dmpFilesize
88KB
-
memory/3020-131-0x00007FFD42800000-0x00007FFD432C1000-memory.dmpFilesize
10.8MB
-
memory/3020-132-0x00007FFD42800000-0x00007FFD432C1000-memory.dmpFilesize
10.8MB
-
memory/3020-133-0x000000001C8A0000-0x000000001C916000-memory.dmpFilesize
472KB
-
memory/3020-134-0x000000001AD10000-0x000000001AD2E000-memory.dmpFilesize
120KB