Overview

overview

10

Static

static

10

Venom_RAT_...NC.exe

windows10-1703-x64

10

Venom_RAT_...NC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-03-2023 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Venom_RAT_5.6_[tombstone3#3883]/Venom_RAT_COMPILED/Venom RAT + HVNC.exe

  • Size

    15.5MB

  • MD5

    dc7afff0e35d307b937803c0c9ce9950

  • SHA1

    25763c899b1e0f1d7073f287513338c2f52fd560

  • SHA256

    91fd819114314284f960159ca85b160ff39a025c55cf51960bb5262878db97f5

  • SHA512

    68e86c1e7b72c7592e3d6a911cfbc1339f9b638312ef59ae6b81bf733676813c3a6512f5d79c685e324cb0be7ae1ffafd72dd75a45116fb7c3762d78f797698b

  • SSDEEP

    196608:UA5PPrnA5PPr3lAA5PPrJSe6PC7aIahLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95Un:PebljNd60T7P+Zw6NLIsFfskh1BmXG

Score
10/10
asyncratrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Venom_RAT_5.6_[tombstone3#3883]\Venom_RAT_COMPILED\Venom RAT + HVNC.exe
    "C:\Users\Admin\AppData\Local\Temp\Venom_RAT_5.6_[tombstone3#3883]\Venom_RAT_COMPILED\Venom RAT + HVNC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2e467f22-fd46-4a8b-b54a-a1ebefcab704\SiticoneDotNetRT64.dll
    Filesize

    75KB

    MD5

    42b2c266e49a3acd346b91e3b0e638c0

    SHA1

    2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

    SHA256

    adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

    SHA512

    770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\2e467f22-fd46-4a8b-b54a-a1ebefcab704\SiticoneDotNetRT64.dll
    Filesize

    75KB

    MD5

    42b2c266e49a3acd346b91e3b0e638c0

    SHA1

    2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

    SHA256

    adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

    SHA512

    770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

    Download Submit
  • memory/4544-145-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-146-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-134-0x0000028532BD0000-0x0000028532BE2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4544-142-0x00007FFBAB480000-0x00007FFBAB5CE000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/4544-143-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-144-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-133-0x00000285318D0000-0x0000028532862000-memory.dmp
    Filesize

    15.6MB

    Download
  • memory/4544-135-0x000002854E490000-0x000002854E6F8000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4544-147-0x000002854F100000-0x000002854F13C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/4544-149-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-148-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-150-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-151-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4544-152-0x000002854E210000-0x000002854E220000-memory.dmp
    Filesize

    64KB

    Download