Overview

overview

10

Static

static

10

7z.exe

windows10-1703-x64

1

7z.exe

windows10-2004-x64

1

Plugins/Keylogger.exe

windows10-1703-x64

1

Plugins/Keylogger.exe

windows10-2004-x64

1

VenomRAT_HVNC.exe

windows10-1703-x64

7

VenomRAT_HVNC.exe

windows10-2004-x64

10

readme.txt

windows10-1703-x64

1

readme.txt

windows10-2004-x64

1

Resubmissions

28-02-2023 04:33

230228-e6jwtahe77 10

28-02-2023 04:28

230228-e3nqlahe69 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Venom5-HVNC-Rat.rar

  • Size

    8.8MB

  • Sample

    230228-e6jwtahe77

  • MD5

    f84fed326b9437ee25ef3164688bd940

  • SHA1

    e510ad05bf62d925f711a404e22d0b78170fb25d

  • SHA256

    883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97

  • SHA512

    6612cace68d8093d7ee756b3054322283ad48c3397f47d312a9a780996c8e75ac46d179632f1678d0eec728d7e384faa6467a4b752319dd4396e0b6fa6916a1d

  • SSDEEP

    196608:TWtEMYTCvgcJm2KCQtuHTkJJkz5A9bLJgEM4TsZBkuCq4:i1YTCvgcJipgmC+nTsZBkun4

Score
10/10
arrowratasyncrat%group%agilenetmicrosoftphishingrat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

    • Target

      7z.exe

    • Size

      436KB

    • MD5

      3e797119e0fd64297cb82794b8d68edd

    • SHA1

      a67d3b35743f6ca383673a3848b8c97ec164cc0d

    • SHA256

      c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f

    • SHA512

      1378c54a3a1c5bd73c04e787d218f245024625003d689379013f1343c7f9e6282d670c3d68edce6006629ca90cddd27ac3f53f640f96c4936bbff319658caef8

    • SSDEEP

      12288:4DRHJamC1E+3ZZ4jjEKDywIYCsdtpu7Cdw:ghF+3ZZ4lRk7h

    Score
    1/10
    behavioral1behavioral2

    • Target

      Plugins/Keylogger.exe

    • Size

      10KB

    • MD5

      4f846f2117c4eab285289b0090521b1e

    • SHA1

      e25287c39bad32159417c5f0bf798625b6beff45

    • SHA256

      a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477

    • SHA512

      fd946b5f7c3c7d32f226897283de7ba3b4a4ecc2919c363877f1258cd24ed1a52bce53af2fe4ef34c4ac30d00fc456fd4e1593b79c37f7c22211f2c4f6092e5e

    • SSDEEP

      192:irtmcuq65SoDxi4maEYbRzmEsLkjgv5JHT1eJYHcwY7fazB+LEi:irtlF60GE9rUhVsLF5p1rYydmE

    Score
    1/10
    behavioral3behavioral4

    • Target

      VenomRAT_HVNC.exe

    • Size

      16.6MB

    • MD5

      5384c0396589430eeb3d1a2e05703e9a

    • SHA1

      20da44da7639bbef2f6b5bfc21df7474cd1109af

    • SHA256

      b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459

    • SHA512

      9bf613ee62b0e56af500dd88f572b2221ad6df63b0b4c0dcb0ef763efcebeac633a95f10dfce90f6cff038df2810681dd55dcdd272eb9f907c670cc2e4f7363a

    • SSDEEP

      393216:Al9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2L:6TXT

    Score
    10/10
    microsoftphishingasyncratagilenetrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft
    behavioral5behavioral6

    • Target

      readme.txt

    • Size

      740B

    • MD5

      4dc812ec4ed8b9f6b117eebf783d78cc

    • SHA1

      4f17b61b3693b3469e61781af895e7e437a6e5ad

    • SHA256

      8746b7b6305d3fd5d986fab51e9db647319b5673bb96b7d8082e416ab2508b03

    • SHA512

      92c9215d387f0c29147d69d47f4a07ac1f093504eb14e63160838001d179e164c51efe1459a269a396263edf6bc1c4faea206671591ee728b907506f034c7d15

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v6

Tasks