General

  • Target

    redfv.exe

  • Size

    300.0MB

  • Sample

    220926-tbmrjsbcb8

  • MD5

    f2fe09806411a018f01bb6a12a80b2b2

  • SHA1

    c08c933ff0bd50a1bded400f086378ddaab5ba4d

  • SHA256

    e2f693427eb98ff14d97a66007433ddebb3a8311309e2b1f1a95a07c3ec397b4

  • SHA512

    e435ef3941858b3e3a4d24bfd9778b9c683185472cdd326209dfdbfdc6cfdcea91fa01583985e586db01ef07749c5d1629091117661e7f60db0a9d0e4bd451b8

  • SSDEEP

    3072:bXlvFgvATyfHSt0Vki6jKV1c2jZZIUh7yZGRXBOUEs64BRg40nuFbl3TQ9:b4vj562V/UZ+BUeBRgul29

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

Venom Clients

C2

theyk6836.duckdns.org:9026

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (T1064): 1
    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Scripting (T1064): 1
