Overview

overview

10

Static

static

VRFAVS02JA...df.zip

windows7-x64

1

VRFAVS02JA...df.zip

windows10-2004-x64

1

VRFAVS02JA...f.html

windows7-x64

1

VRFAVS02JA...f.html

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VRFAVS02JADFSYP04_pdf.zip

  • Size

    252B

  • Sample

    220921-d953saaeak

  • MD5

    6e0cb15e498497bb307d83dfb899ccad

  • SHA1

    75b0209f8688dbfc53cd0f242d73d55eec2d6f86

  • SHA256

    970e824d2d6de840b0408008353e8190b3c9ea65611593f34dbda8810c767f7e

  • SHA512

    c8c9431d786f679a95ffb1a689afda42249f4a2810bc8d482e8b5e921b5ce38969951fb51092bb95d37a06718c1611761bffc9ce8a9470d8ee1201228e7b3be9

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

Venom Clients

C2

stoo02093.duckdns.org:5029

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      VRFAVS02JADFSYP04_pdf.zip

    • Size

      252B

    • MD5

      6e0cb15e498497bb307d83dfb899ccad

    • SHA1

      75b0209f8688dbfc53cd0f242d73d55eec2d6f86

    • SHA256

      970e824d2d6de840b0408008353e8190b3c9ea65611593f34dbda8810c767f7e

    • SHA512

      c8c9431d786f679a95ffb1a689afda42249f4a2810bc8d482e8b5e921b5ce38969951fb51092bb95d37a06718c1611761bffc9ce8a9470d8ee1201228e7b3be9

    Score
    1/10
    behavioral1behavioral2

    • Target

      VRFAVS02JADFSYP04_pdf.HTML

    • Size

      102B

    • MD5

      372fbd869903bf41bc892d715783ae8b

    • SHA1

      56ec1889b796449d13b4d2040cec051ce07f90a3

    • SHA256

      6916533072653305d17d18d8196f7dceadd8952e200319054ece51d4e394bdc3

    • SHA512

      8955d789e9b130fdf987a02f48f581a4ec4068abf02fa3d26913eb61c4b45906a12607773d3c43bc63064cf1166177c466b2ec7939d235ac6aacd54f4a0d8198

    Score
    10/10
    asyncratvenom clientsrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks