Overview

overview

10

Static

static

FILEV123.exe

windows7-x64

10

FILEV123.exe

windows10-2004-x64

10

Resubmissions

26-09-2022 17:41

220926-v9drzacfdr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    File2022v.img

  • Size

    300.6MB

  • Sample

    220926-v9drzacfdr

  • MD5

    9d7a7142774e6e7b89e4d6f4e6849083

  • SHA1

    bdd37043476a3c73888ce771b1e2b61536fe4ac9

  • SHA256

    fad399ac99b1ef8592fcceff8066146c0afc5be6dde4dfcd2999f565efc2c93a

  • SHA512

    e6cdc28be124c224d5f762942352f34e6d0015cc0e58bf8d7a581ec96defb2d614ddb4c3c2800d626eea25e45f5b004c33876dc82c4c70c1393743ab9d21d35d

  • SSDEEP

    6144:/oBMZbzgN9y4e3q99rUcupj+awhEGXBuokWy0L50qnVjAv2U:wKZbcNUFm5upLwhBXBuoppNnVct

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

venom12345.duckdns.org:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      FILEV123.EXE

    • Size

      300.0MB

    • MD5

      2a3295c758419a6b8477dad43bd02883

    • SHA1

      7403d49621e3d9ca470afdd7f0eebcdbdf6d0b65

    • SHA256

      9a08dc08a2e7bf39078afd478c3e38718416d6dff45a081cd17daecccca262d5

    • SHA512

      5f2148eb99be6eaea85e4164d6ae72744a7751fec691f382b642da4655c0e463240c981fab9cba5a4d93e25d5549eb9f61dd5ca5267a00c95afdf07d60173d89

    • SSDEEP

      6144:ABMZbzgN9y4e3q99rUcupj+awhEGXBuokWy0L50qnVjAv2U:AKZbcNUFm5upLwhBXBuoppNnVct

    Score
    10/10
    asyncratvenom clientsrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks