General

  • Target

    VenomRAT.rar

  • Size

    6.8MB

  • Sample

    230227-rr253adg9x

  • MD5

    f3ee8c380e07eb30c5f5780bdc23d60e

  • SHA1

    8f55e9f20f4be614cfaf21f001b49c18ee55d173

  • SHA256

    929b11e9d778f3fb3753f2bfec104862dd325bd91546afc7dfe15803d1726a13

  • SHA512

    b10411c97b709d49b71b884e4ded9ff8ac08c8cf4c39d86b859cd9d074d2e1da4cf1f41a35d939700f032f4d11f965e92f423a3ba740af140fbc81e35511b48b

  • SSDEEP

    196608:Qkz5znlJS+E4H5ED0r3uHTtKU3H9kXTkjvANy:t7j1ghKU3d+kjV

Malware Config

Extracted

Family: arrowrat

Botnet: %Group%

C2: %Hosts%:%Ports%

Mutex: %MTX%

Targets

    • Target

      VenomRAT/Plugins/Keylogger.exe

    • Size

      10KB

    • MD5

      4f846f2117c4eab285289b0090521b1e

    • SHA1

      e25287c39bad32159417c5f0bf798625b6beff45

    • SHA256

      a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477

    • SHA512

      fd946b5f7c3c7d32f226897283de7ba3b4a4ecc2919c363877f1258cd24ed1a52bce53af2fe4ef34c4ac30d00fc456fd4e1593b79c37f7c22211f2c4f6092e5e

    • SSDEEP

      192:irtmcuq65SoDxi4maEYbRzmEsLkjgv5JHT1eJYHcwY7fazB+LEi:irtlF60GE9rUhVsLF5p1rYydmE

    • Score

      1/10

    • Target

      VenomRAT/VenomRAT_HVNC.exe

    • Size

      16.5MB

    • MD5

      c90bb028354000acc74485f2db4ab492

    • SHA1

      28e6ce32a075669b3e382eaeb4871f7c3fc3bbef

    • SHA256

      54df65f59a153e58faafc63addf325b7c492f000b8cda7e3cf527f5c0080325d

    • SHA512

      9400521f9dd1fd76a914006133cd9b9dc5c8783407ff6b99fbb5a74c1a81e45818772ef4e1cabc9c67232bf60d977b48c2fadcb9401ae05e7c8e23fcf9ba7406

    • SSDEEP

      393216:sl9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2x:WTXT

    • Score

      10/10

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      VenomRAT/VenomRAT_HVNC.exe.config

    • Size

      2KB

    • MD5

      fa21c166232c3b29f8d2d14557490c9c

    • SHA1

      2cb1a7d4a204fc03bd6bd15aa9f431f3445a08de

    • SHA256

      5c939c46f9d81cb75180c897feb5044176ed44cd0d51e076149bd82425e4ef44

    • SHA512

      cca1dd276a093b62845e5a7652e778d07200b7158cb05a2b44e11e69ce8bc78020eeeb29d55a87a6b87a3fcc25b2883175850467002388a811abfe9945d58fd9

    • Score

      1/10

    • Target

      VenomRAT/protobuf-net.dll

    • Size

      269KB

    • MD5

      4a4756e227c10623d81228bc4bc49c1d

    • SHA1

      964014f538918d85f6eb6a7b4023b304067b28f7

    • SHA256

      042b8c1c1e0eb7648b164ee48c95168c48324f1fb439cabd5f2e41db0938d807

    • SHA512

      93d2c6f47c618dc9493f5a538cbfb5a32c1e3bb35a623b51561057245f2fa557c452ee18ae274182c3e0440b77353c5490d196f16eda142b6129e8d1108e5a04

    • SSDEEP

      3072:2ne8csJldhXG4JhEj9n8RHq6MY7qLfoDb4LUcqbrKKu55O/u85wcT/0c8yiwo3aa:2nT7JxXJ7qFLMrKXE/9YLy1W2WNU6

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

Modify Registry

2
T1112

Tasks