General

  • Target

    Venom5-HVNC-Rat.exe

  • Size

    9.6MB

  • Sample

    230318-szekeacg54

  • MD5

    7e0817e3a41335f54a977e51fc226d16

  • SHA1

    7d8d8fa29e93485411c9071e5add28027ca6b4b5

  • SHA256

    13c2f14da985be19ee598514bd96e8a7a75ebfa297560d8bc64f9673693b3c67

  • SHA512

    ccfab96b17073a70f85e01f8e322a0836439ca08fab58de359a732ed48136ee2a08c1cb55f1a63f421f70f3a778960bb3392c69fce448637a62e0f2e88e899d8

  • SSDEEP

    196608:J1hG0XvXdb5e0hnHTW3GwhXscv84MzaVpXeEWgJfbC1xllS7o/rlf4:J15db5eaHT4GYrvbMG6K+jQ4hw

Score
10/10

Malware Config

Targets

    • Target

      Venom5-HVNC-Rat.exe

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1

Tasks