asyncrat | f7e08115aa4fca9ce8dd2795a9ba5c8b8416f0f48a7b87900e160bf7bcbea08f

Analysis

max time kernel
31s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VenomRAT_HVNC.exe
Size

16.5MB
MD5

31be8acd11aa5738dd970410adb597da
SHA1

cd4d52b884066e1a47fd27b616cfafeb66225cde
SHA256

e78a5ee885dc3b170a5e009aaf1a2db565ac1bf729a0c2195ebfe56420717abb
SHA512

ee621bf362cd717d9b026f14e5ff1da5f28fbdb5c58dacd3a8da120e5472baaaef22b052a08d51d49b6dae30cf15178b588acd5cb3596c2e0f2ef533e467ba94
SSDEEP

393216:Hl9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2+:JTXT

Score

10^/10

asyncrat agilenet rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral32/memory/3716-133-0x0000025C18BD0000-0x0000025C19C60000-memory.dmp	asyncrat

Loads dropped DLL 1 IoCs

Processes:

VenomRAT_HVNC.exe

pid process

3716 VenomRAT_HVNC.exe

pid	process
3716	VenomRAT_HVNC.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral32/memory/3716-134-0x0000025C35010000-0x0000025C35220000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\VenomRAT_HVNC.exe
"C:\Users\Admin\AppData\Local\Temp\VenomRAT_HVNC.exe"
1⤵
- Loads dropped DLL
PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a41ef880-d88e-4a33-9618-41469a92ce4d\AgileDotNetRT64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\a41ef880-d88e-4a33-9618-41469a92ce4d\AgileDotNetRT64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
memory/3716-143-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-141-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-134-0x0000025C35010000-0x0000025C35220000-memory.dmp

Filesize
2.1MB

Download
memory/3716-142-0x00007FFCC89C0000-0x00007FFCC8B0E000-memory.dmp

Filesize
1.3MB

Download
memory/3716-133-0x0000025C18BD0000-0x0000025C19C60000-memory.dmp

Filesize
16.6MB

Download
memory/3716-144-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-145-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-146-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-147-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-148-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download
memory/3716-149-0x0000025C1A060000-0x0000025C1A070000-memory.dmp

Filesize
64KB

Download