General

  • Target

    74b502f28ed461b089fd8f201f472c5dfaf4f366b76449d41a742cd9204a42ca

  • Size

    273KB

  • Sample

    221205-trbn8afa97

  • MD5

    1d7b16b873866f8f2052b82c899205b9

  • SHA1

    ade49b4252860b2ca06151a392f6095efd851fdb

  • SHA256

    74b502f28ed461b089fd8f201f472c5dfaf4f366b76449d41a742cd9204a42ca

  • SHA512

    ed9ea335e02b4797d0ec3e6aa1702573235b6b53e2fcdeeb495086a1c09ad45d69455ddc8f56bc5a0d79681ce04228c3388abf9f66544dff507232674223d78e

  • SSDEEP

    3072:CyVXVetg8Y0OltV6MYWv5O1wAv/KN7x5Lo7fhTDw02rwefem2ZeXGMh0k:tRh6Me1wAv/kXGu02sefee2U

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT 5.0.5

Botnet

Venom Clients

C2

80.89.230.176:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

  • delay

    5

  • install

    true

  • install_file

    svshost.exe

  • install_folder

    %AppData%

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 1

  • Command and Control

    Web Service (T1102): 1