arrowrat | 929b11e9d778f3fb3753f2bfec104862dd325bd91546afc7dfe15803d1726a13 | Triage

Submit
Reports

Overview

overview

Static

static

VenomRAT/P...er.exe

windows10-1703-x64

1

VenomRAT/P...er.exe

windows10-2004-x64

1

VenomRAT/V...NC.exe

windows10-1703-x64

7

VenomRAT/V...NC.exe

windows10-2004-x64

Sharing

General

Target

VenomRAT.rar
Size

6.8MB
Sample

230308-c13evsdf39
MD5

f3ee8c380e07eb30c5f5780bdc23d60e
SHA1

8f55e9f20f4be614cfaf21f001b49c18ee55d173
SHA256

929b11e9d778f3fb3753f2bfec104862dd325bd91546afc7dfe15803d1726a13
SHA512

b10411c97b709d49b71b884e4ded9ff8ac08c8cf4c39d86b859cd9d074d2e1da4cf1f41a35d939700f032f4d11f965e92f423a3ba740af140fbc81e35511b48b
SSDEEP

196608:Qkz5znlJS+E4H5ED0r3uHTtKU3H9kXTkjvANy:t7j1ghKU3d+kjV

Score

10^/10

arrowrat asyncrat %group%agilenet microsoft phishing rat

Static task

static1

agilenet rat %group%asyncrat arrowrat

4 signatures

Behavioral task

behavioral1

Sample

VenomRAT/Plugins/Keylogger.exe

Resource

win10-20230220-en

windows10-1703-x64

3 signatures

60 seconds

Behavioral task

behavioral2

Sample

VenomRAT/Plugins/Keylogger.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

3 signatures

60 seconds

Behavioral task

behavioral3

Sample

VenomRAT/VenomRAT_HVNC.exe

Resource

win10-20230220-en

microsoft phishing

windows10-1703-x64

9 signatures

60 seconds

Behavioral task

behavioral4

Sample

VenomRAT/VenomRAT_HVNC.exe

Resource

win10v2004-20230220-en

asyncrat agilenet rat

windows10-2004-x64

9 signatures

60 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  VenomRAT/Plugins/Keylogger.exe
- Size
  
  10KB
- MD5
  
  4f846f2117c4eab285289b0090521b1e
- SHA1
  
  e25287c39bad32159417c5f0bf798625b6beff45
- SHA256
  
  a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477
- SHA512
  
  fd946b5f7c3c7d32f226897283de7ba3b4a4ecc2919c363877f1258cd24ed1a52bce53af2fe4ef34c4ac30d00fc456fd4e1593b79c37f7c22211f2c4f6092e5e
- SSDEEP
  
  192:irtmcuq65SoDxi4maEYbRzmEsLkjgv5JHT1eJYHcwY7fazB+LEi:irtlF60GE9rUhVsLF5p1rYydmE
Score

1^/10
behavioral1 behavioral2
- Target
  
  VenomRAT/VenomRAT_HVNC.exe
- Size
  
  16.5MB
- MD5
  
  c90bb028354000acc74485f2db4ab492
- SHA1
  
  28e6ce32a075669b3e382eaeb4871f7c3fc3bbef
- SHA256
  
  54df65f59a153e58faafc63addf325b7c492f000b8cda7e3cf527f5c0080325d
- SHA512
  
  9400521f9dd1fd76a914006133cd9b9dc5c8783407ff6b99fbb5a74c1a81e45818772ef4e1cabc9c67232bf60d977b48c2fadcb9401ae05e7c8e23fcf9ba7406
- SSDEEP
  
  393216:sl9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2x:WTXT
Score

10^/10

microsoft phishing asyncrat agilenet rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

agilenetrat%group%asyncratarrowrat

behavioral1

behavioral2

behavioral3

microsoftphishing

behavioral4

asyncratagilenetrat

© 2018-2024

Terms | Privacy