Overview

overview

10

Static

static

10

7z.exe

windows7-x64

1

7z.exe

windows10-2004-x64

1

System.Sec...al.dll

windows7-x64

1

System.Sec...al.dll

windows10-2004-x64

1

System.Sec...ng.dll

windows7-x64

1

System.Sec...ng.dll

windows10-2004-x64

1

System.Tex...ns.dll

windows7-x64

1

System.Tex...ns.dll

windows10-2004-x64

1

System.Tex...ng.dll

windows7-x64

1

System.Tex...ng.dll

windows10-2004-x64

1

System.Tex...ns.dll

windows7-x64

1

System.Tex...ns.dll

windows10-2004-x64

1

System.Thr...ed.dll

windows7-x64

1

System.Thr...ed.dll

windows10-2004-x64

1

System.Thr...el.dll

windows7-x64

1

System.Thr...el.dll

windows10-2004-x64

1

System.Thr...ks.dll

windows7-x64

1

System.Thr...ks.dll

windows10-2004-x64

1

System.Thr...ad.dll

windows7-x64

1

System.Thr...ad.dll

windows10-2004-x64

1

System.Thr...ol.dll

windows7-x64

1

System.Thr...ol.dll

windows10-2004-x64

1

System.Thr...er.dll

windows7-x64

1

System.Thr...er.dll

windows10-2004-x64

1

System.Threading.dll

windows7-x64

1

System.Threading.dll

windows10-2004-x64

1

System.ValueTuple.dll

windows7-x64

1

System.ValueTuple.dll

windows10-2004-x64

1

System.Xml...er.dll

windows7-x64

1

System.Xml...er.dll

windows10-2004-x64

1

System.Xml...nt.dll

windows7-x64

1

System.Xml...nt.dll

windows10-2004-x64

1

Resubmissions

28-02-2023 04:33

230228-e6jwtahe77 10

28-02-2023 04:28

230228-e3nqlahe69 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Venom5-HVNC-Rat.rar

  • Size

    8.8MB

  • Sample

    230228-e3nqlahe69

  • MD5

    f84fed326b9437ee25ef3164688bd940

  • SHA1

    e510ad05bf62d925f711a404e22d0b78170fb25d

  • SHA256

    883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97

  • SHA512

    6612cace68d8093d7ee756b3054322283ad48c3397f47d312a9a780996c8e75ac46d179632f1678d0eec728d7e384faa6467a4b752319dd4396e0b6fa6916a1d

  • SSDEEP

    196608:TWtEMYTCvgcJm2KCQtuHTkJJkz5A9bLJgEM4TsZBkuCq4:i1YTCvgcJipgmC+nTsZBkun4

Score
10/10
arrowratasyncrat%group%agilenetrat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

    • Target

      7z.exe

    • Size

      436KB

    • MD5

      3e797119e0fd64297cb82794b8d68edd

    • SHA1

      a67d3b35743f6ca383673a3848b8c97ec164cc0d

    • SHA256

      c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f

    • SHA512

      1378c54a3a1c5bd73c04e787d218f245024625003d689379013f1343c7f9e6282d670c3d68edce6006629ca90cddd27ac3f53f640f96c4936bbff319658caef8

    • SSDEEP

      12288:4DRHJamC1E+3ZZ4jjEKDywIYCsdtpu7Cdw:ghF+3ZZ4lRk7h

    Score
    1/10
    behavioral1behavioral2

    • Target

      System.Security.Principal.dll

    • Size

      20KB

    • MD5

      6dcd91b6a029794728f4edeb2bf2e42d

    • SHA1

      82ba1313448b431893c14d866f46d47b620514a9

    • SHA256

      02416bc542be82002b8b81adbbbcdcc8d098104020d09b571dc674b5bc19a177

    • SHA512

      2566f369edee9313e823aa2667cb95977f0db57b4b47da62f44850811f524d0598fde6f5bb082bb3325789e4b256e970603b4297d3586f1c435498430723a38b

    • SSDEEP

      384:+SKiWIhWdC7Bm0GftpBjtQaQHRN76fl3uVogL:+SK8DVicL6wV7L

    Score
    1/10
    behavioral3behavioral4

    • Target

      System.Security.SecureString.dll

    • Size

      21KB

    • MD5

      4523f60270149bad67f6ae63375d2cdb

    • SHA1

      ff6e6bcd83a11d40bf53dabd0480a67aecfdcf50

    • SHA256

      18032d190d0d599823e59c8dd8b588909bef8888b8bf304723a138b61f1b911f

    • SHA512

      025e33f6927e634fe187491f40d96b36b2ddaf2acde97b340c8705bae58bded6c02b8bf9199a1b9d4ac75884c69dc665dc03b34571b1bd178ca1784c5f0d5451

    • SSDEEP

      384:n0KbZWApWmWTpWWFm0GftpBjNaTaQHRN7vnl4aRISeS:0KRybViaTLSAl

    Score
    1/10
    behavioral5behavioral6

    • Target

      System.Text.Encoding.Extensions.dll

    • Size

      20KB

    • MD5

      d40515a84448b91315f956e6d1a6c64b

    • SHA1

      7fe773332d0461a252e52be720a7794fcaac7bfb

    • SHA256

      cbe29672cd2b6a0ea97b55f3844fbede3e591996f39c3aa1f829f2fa50551fa9

    • SHA512

      322f82aeb9eb9da22257ac9fe835bf1c54c1bb268d37f0f97a4ca52bb42f6accca9c8dbdb96d6d695fa69c24f5069978a4b6f1e960ee81d9ea671ccd30a348d3

    • SSDEEP

      384:rb1nWCXWBC7Bm0GftpBjEYdgaQHRN7pC7lZ3atK9N:37RVioLpCf/9N

    Score
    1/10
    behavioral7behavioral8

    • Target

      System.Text.Encoding.dll

    • Size

      21KB

    • MD5

      7f65ccbf58c39f3853bb8dc4137dfd12

    • SHA1

      3946dff0b68f0ca01689bd44c348559adf548258

    • SHA256

      0ab1f7f87b7c2afca57d394e4f4e262c82ba3209cb0a750cd66401fb33f21eca

    • SHA512

      ff7d953ec4b82c10e64fc85d3afc8a1a58582170ef1752d4688fa1d48efc490dba5f0a784e748f7902e96fd885ea868b1a84de44f48cf071975f3cd3f8e52c6a

    • SSDEEP

      384:UNyW7TWpvT1Dm0GftpBj6jaQHRN7hlGinGErW:ufi1DViGLpfW

    Score
    1/10
    behavioral10behavioral9

    • Target

      System.Text.RegularExpressions.dll

    • Size

      20KB

    • MD5

      7d317d88f9860a18ecf7fb90b33995d3

    • SHA1

      c2e4b19cb9a0b48e899512cd121ffe6657d41072

    • SHA256

      c98a52bd017df01aea7b955e6f219537d391a62c2c2b976684da282f9cd7cacf

    • SHA512

      79ed01c6d1cea3dba6b3566e03d05a971745e221be9330f6800a249d1b239e092d3ff704e7403e7ecd6b7709b24b0cdd7e518f2ee5da38019e7139d80594173e

    • SSDEEP

      384:i6Rb32WVzWIvT1Dm0GftpBj2gaQHRN7EBlBLY6fG:NRb3dH1DViIgLEhYj

    Score
    1/10
    behavioral11behavioral12

    • Target

      System.Threading.Overlapped.dll

    • Size

      36KB

    • MD5

      1a890c488cf2ecd406b804e7e3c5b7f0

    • SHA1

      bf2c1287f0ec04223cd17fe20ab2ecfff18579e3

    • SHA256

      f17ff442b77a6cfe9c118d2f8fae1ab6c814a0d4f35c5844996be84f3fcc8592

    • SHA512

      4eec61f9245dff3d468818d6d6cbb8e12a5172658f1027a9ab0ece03cc1377499833056a0dd4ff20b83b9ff9e47bb2e7f8dc7b641bc63ad78ff96c54be01f524

    • SSDEEP

      768:ou5I+sqOylryry8qqIfUc7a5oUVi1vLFss:oYIVBpry8qqIfUcm5vVgDSs

    Score
    1/10
    behavioral13behavioral14

    • Target

      System.Threading.Tasks.Parallel.dll

    • Size

      20KB

    • MD5

      9088029e38b2a393f22afd9e576ce86e

    • SHA1

      05e65ee95f647f38c717c73a0399870912dd374a

    • SHA256

      3468e0c875db94a8f45d56ab76bbcc677b942ca51a23649ba3c5ad1b20e391f1

    • SHA512

      23dcf5819996ee0f0c8fe044d6642a12e98a40309ce1f3f74688cf8e3dd6f6ed230aec391fe7e511e15fbbbf14bff09f976e923f22f2d68ad816d8ffad17f101

    • SSDEEP

      384:Wvn4HREpWiQWBTwm0GftpBjtSaQHRN7BlGinGEb:pS7wVifSLJ/

    Score
    1/10
    behavioral15behavioral16

    • Target

      System.Threading.Tasks.dll

    • Size

      21KB

    • MD5

      0ad301ee2b7282b87dcd0d862efe14dc

    • SHA1

      f720109a38846e358bde7c47d9c946a79d2b6b1c

    • SHA256

      0110616dfe870b8bcf25df8f6ce38ef5aac39e728ddaa3420ea199f5a7e80a16

    • SHA512

      c66fc92435c399804d8a8c1c836e5648725dda8a55d7acd897ae719ca231d89251a0d9a293a67f079e345709cfda83dcc693ad41a28d13661a55459f94fe33e0

    • SSDEEP

      384:G8MjKb47T3UCcqFMkJ59WdtWe+109m0GftpBjPRaQHRN7LKlgaGn7ce:jMjKb4vcGdOdVilRLLeG4e

    Score
    1/10
    behavioral17behavioral18

    • Target

      System.Threading.Thread.dll

    • Size

      20KB

    • MD5

      fdb3a743b2dae5924cba88a5c865128d

    • SHA1

      c53132ec95a7211c1bb6dcd5ad21ccb150a7b923

    • SHA256

      9d4faea9892d4ecfabf61986687fc6cb30f5f51a6b62819b9571ff58e04c4dd5

    • SHA512

      cbd8370f3cb84cb9eb8bf3a7392245d6a90ce1a324971ea96170974da092bdfc3db2196f66958ca5d5000f13b18afab44ff82d50c5b9a625aa1b7a4af17717de

    • SSDEEP

      384:RzyNXd4+BW6FW9vT1Dm0GftpBjJtaQHRN73hYlO62gHcXb:szA1DViHtLxRg8L

    Score
    1/10
    behavioral19behavioral20

    • Target

      System.Threading.ThreadPool.dll

    • Size

      20KB

    • MD5

      18ce4ecc42fc8d999ef091d812472cf0

    • SHA1

      f874903cea9f08f1a0887949b47722e6ba81b789

    • SHA256

      3d9ebc81b1bd3234666c8ce403a5f17a726867c68ffa5de4ec8ee92599335658

    • SHA512

      0c027440ef6f6c105b0bf9319f4e0ea421fd310699028af0a159300145c662e74b4b5d969663e3b52cda7f9934a6ab93bbae9bcd1bd39aaac24fcba7ec451156

    • SSDEEP

      384:Bvs2Q3HKJNrWWRW8KvT1Dm0GftpBjb/aQHRN765EldBoQAYY9:BuMg1DViJ/L65woJYi

    Score
    1/10
    behavioral21behavioral22

    • Target

      System.Threading.Timer.dll

    • Size

      20KB

    • MD5

      824053272b268c577e9adf17ed398142

    • SHA1

      5ea3f290ecde1bab983ceee2417a688b7ed9b7f5

    • SHA256

      04b9235f64c9c846f8a767230714895da87c7ae2cd0105e9d14835ae46f0fed8

    • SHA512

      f475dcd2cc23fdfb017688713170fcaf8fea05869a680613ea4ad84cb358ed0f2442db0ff0dcbd739e3cc3db7128a8f4a568ae8e5af6a8840319b02630e420b9

    • SSDEEP

      384:FFz0Q6gcqRhcsMWdMWwvT1Dm0GftpBjZ/AoaQHRN7plxBGDO:FFz1c6u1DViHBLTMO

    Score
    1/10
    behavioral23behavioral24

    • Target

      System.Threading.dll

    • Size

      21KB

    • MD5

      11d674cfc81b7102c0bc6ffe58f6ac5e

    • SHA1

      ddda49572d112944ec9ab62b31959aa93a386618

    • SHA256

      4dc8d588ec63641c28422d648e8de5e2c030eb7afec2071a99dd3bd9a204557f

    • SHA512

      fb7c628b796a321ad9ecbf01d165e24f151c99d7e60a65d0af52f779ad60a3203f47b247d44fc47044a68790d1ea4ee458a7bc8df7ebe9d42c2275a9c11bc324

    • SSDEEP

      384:E6xWA3W4aW/NWtvT1Dm0GftpBjHaQHRN7TqidlZ30F:EaBk1DViFLTquO

    Score
    1/10
    behavioral25behavioral26

    • Target

      System.ValueTuple.dll

    • Size

      77KB

    • MD5

      c8456355b990c6347ab2f3621e2010be

    • SHA1

      0b7a9ec0dff6d958c9c64b5f592993372d31c5e9

    • SHA256

      efd8155cec6f3683b701fe94f555d225332d283126bb36b36d9a20ea9d7fc724

    • SHA512

      7eaa67b9f5e0cd5d1f2aded212721973ce7fc951d6af554084b1ff82521f9ee85eaacf8881ef58453cf67935289cc68092a8f845506314bdc1249780b46503d8

    • SSDEEP

      1536:vIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh79AVP9:vIuAaGbeGq5rKASI0ICh0l

    Score
    1/10
    behavioral27behavioral28

    • Target

      System.Xml.ReaderWriter.dll

    • Size

      21KB

    • MD5

      090ff56c4fe2eeff2e16f03099ad71e1

    • SHA1

      ef317cacc230a58a3b2fcc6cc079cc763afcc7c5

    • SHA256

      5f560e1dd529bb2529d7052e04008449f58d0439c2bb43437d7b5d39f84f949f

    • SHA512

      fdac43d0a18d9158db4438349a7a550557a36e6ed0665efcb65a046a5beb5c38181996cbf6d860b8ad01c19e35315bb61ae766caf06b23985e046484dab45256

    • SSDEEP

      384:mr97WquWk+109m0GftpBjNWVaQHRN7u90lgaGn7a:mRJcVifWVLbGW

    Score
    1/10
    behavioral29behavioral30

    • Target

      System.Xml.XDocument.dll

    • Size

      21KB

    • MD5

      37e21b63959f243a157534133f85c5af

    • SHA1

      dfad52a9990b2fafce7098cebb174927e8e0ba00

    • SHA256

      4f6a14e4ba2a2b26b8b8433d5f82f75a96af5a4f036d9447373b07271493917b

    • SHA512

      f59faa6319fe2afebccbd643e20c1edb75db74e9271354bd86dac3bea2cc59452ee024dc26b517ae88254a7c90dbe0e6c19a7b5ab3bfe9159d986d6c53ca5521

    • SSDEEP

      384:O16eWLDWevT1Dm0GftpBjAAYaQHRN7N9lZ3w:q6L91DViqTLXA

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix

Tasks

static1

agilenetrat%group%asyncratarrowrat
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10