Extracted

• • Target

    Venom5-HVNC-Rat/Venom5-HVNC-Rat.exe

  • Size

    9.6MB

  • MD5

    c6e5045b7f5201f86fa4e655781cc97b

  • SHA1

    4e3e9125d8881e632a2384d6c57fc27f8bcbddcc

  • SHA256

    5ae30394f70c8269f576374a2adb32de3b400e87b00786d538246dd7b9a7f548

  • SHA512

    c62ceb19bb8b105ce93f9bbf85ceeabb7b7239c1f329b19a844d342fda118279d6aaeb7221ce2f5591e842ef136303fd347d7c1ceef095b145e549b812d9c2ab

  • SSDEEP

    196608:JBP70XvXdb5e0hnHTW3GwhXscv84MzaVpXeEWgJfbC1xllS7o/riN:JBudb5eaHT4GYrvbMG6K+jQ4+

  Score

  10^/10

  arrowratasyncrat%group%agilenetrat

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  behavioral1