Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
07-07-2022 05:23
Static task
static1
Behavioral task
behavioral1
Sample
15d452fc138d1b3861e3bdb0999f2d82.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
15d452fc138d1b3861e3bdb0999f2d82.exe
Resource
win10v2004-20220414-en
General
-
Target
15d452fc138d1b3861e3bdb0999f2d82.exe
-
Size
65KB
-
MD5
15d452fc138d1b3861e3bdb0999f2d82
-
SHA1
5cfd69b9e88ef7e160586324c35c394400e61422
-
SHA256
69af22840532cf62ee50bf6f226defff941c997fb83bb688fc9a39199cbc9f3c
-
SHA512
e722f3329569b51f36d86fdfd9005702a84e92d479f769d9065d90e7f1a9dcb1a3082c7ab6e0f838e2befa63ac938481a02863ce534a5cf848909d9976b4d53b
Malware Config
Extracted
asyncrat
VenomRAT_HVNC 5.0.4
Venom Clients
45.134.140.152:60060
naxxygtxgexddkrzk
-
delay
0
-
install
false
-
install_folder
%AppData%
Signatures
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3020-130-0x0000000000220000-0x0000000000236000-memory.dmp asyncrat -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
15d452fc138d1b3861e3bdb0999f2d82.exedescription pid process Token: SeDebugPrivilege 3020 15d452fc138d1b3861e3bdb0999f2d82.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3020-130-0x0000000000220000-0x0000000000236000-memory.dmpFilesize
88KB
-
memory/3020-131-0x00007FFD42800000-0x00007FFD432C1000-memory.dmpFilesize
10.8MB
-
memory/3020-132-0x00007FFD42800000-0x00007FFD432C1000-memory.dmpFilesize
10.8MB
-
memory/3020-133-0x000000001C8A0000-0x000000001C916000-memory.dmpFilesize
472KB
-
memory/3020-134-0x000000001AD10000-0x000000001AD2E000-memory.dmpFilesize
120KB