883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97 | Triage

Submit
Reports

Overview

overview

Static

static

System.Xml...nt.dll

windows10-1703-x64

1

System.Xml...nt.dll

windows10-2004-x64

1

VenomRAT_HVNC.exe

windows10-1703-x64

1

VenomRAT_HVNC.exe

windows10-2004-x64

VenomRAT_HVNC.exe.xml

windows10-1703-x64

1

VenomRAT_HVNC.exe.xml

windows10-2004-x64

1

Vestris.Re...ib.dll

windows10-1703-x64

1

Vestris.Re...ib.dll

windows10-2004-x64

1

cGeoIp.dll

windows10-1703-x64

1

cGeoIp.dll

windows10-2004-x64

1

protobuf-net.dll

windows10-1703-x64

1

protobuf-net.dll

windows10-2004-x64

1

Analysis

max time kernel
60s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2023 05:35

Sharing

Static task

static1

agilenet rat %group%asyncrat arrowrat

4 signatures

Behavioral task

behavioral1

Sample

System.Xml.XPath.XDocument.dll

Resource

win10-20230220-en

windows10-1703-x64

0 signatures

60 seconds

Behavioral task

behavioral2

Sample

System.Xml.XPath.XDocument.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral3

Sample

VenomRAT_HVNC.exe

Resource

win10-20230220-en

windows10-1703-x64

0 signatures

60 seconds

Behavioral task

behavioral4

Sample

VenomRAT_HVNC.exe

Resource

win10v2004-20230220-en

asyncrat agilenet rat

windows10-2004-x64

9 signatures

60 seconds

Behavioral task

behavioral5

Sample

VenomRAT_HVNC.exe.xml

Resource

win10-20230220-en

windows10-1703-x64

4 signatures

60 seconds

Behavioral task

behavioral6

Sample

VenomRAT_HVNC.exe.xml

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

60 seconds

Behavioral task

behavioral7

Sample

Vestris.ResourceLib.dll

Resource

win10-20230220-en

windows10-1703-x64

0 signatures

60 seconds

Behavioral task

behavioral8

Sample

Vestris.ResourceLib.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral9

Sample

cGeoIp.dll

Resource

win10-20230220-en

windows10-1703-x64

0 signatures

60 seconds

Behavioral task

behavioral10

Sample

cGeoIp.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

60 seconds

Behavioral task

behavioral11

Sample

protobuf-net.dll

Resource

win10-20230220-en

windows10-1703-x64

0 signatures

60 seconds

Behavioral task

behavioral12

Sample

protobuf-net.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

60 seconds

Report Analysis Logs

General

Target

protobuf-net.dll
Size

269KB
MD5

4a4756e227c10623d81228bc4bc49c1d
SHA1

964014f538918d85f6eb6a7b4023b304067b28f7
SHA256

042b8c1c1e0eb7648b164ee48c95168c48324f1fb439cabd5f2e41db0938d807
SHA512

93d2c6f47c618dc9493f5a538cbfb5a32c1e3bb35a623b51561057245f2fa557c452ee18ae274182c3e0440b77353c5490d196f16eda142b6129e8d1108e5a04
SSDEEP

3072:2ne8csJldhXG4JhEj9n8RHq6MY7qLfoDb4LUcqbrKKu55O/u85wcT/0c8yiwo3aa:2nT7JxXJ7qFLMrKXE/9YLy1W2WNU6

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\protobuf-net.dll,#1
1⤵
PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy