arrowrat | 7da2fead1f047d7944281ec28881f8b765c6cd484712d4f5b3c79798b957231c | Triage

Submit
Reports

Overview

overview

Static

static

1

Venom5-HVN...at.exe

windows10-2004-x64

Sharing

General

Target

Venom5-HVNC-Rat.zip
Size

9.7MB
Sample

230405-r4madafd27
MD5

9a69ab7b946879819e3412be2d379efc
SHA1

0912a94c851f78431d5e79af2e27f59ddfbd9905
SHA256

7da2fead1f047d7944281ec28881f8b765c6cd484712d4f5b3c79798b957231c
SHA512

2fa8add5dd5db94ad55d71aa81bfa137f170b184f571c7f2efa6a55504959a2211401a4fb24328042bd045250286574c296cbce1eaec30094d9829ddd3871f02
SSDEEP

196608:1WrCb7WBh4pXayrE2trYrk97T0TH35A8kSDDzM3T8TrWEBJp:LfWBh4sYJrOHp944/l

Score

10^/10

arrowrat asyncrat %group%agilenet rat

Static task

static1

Behavioral task

behavioral1

Sample

Venom5-HVNC-Rat/Venom5-HVNC-Rat.exe

Resource

win10v2004-20230220-en

arrowrat asyncrat %group%agilenet rat

windows10-2004-x64

18 signatures

1200 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  Venom5-HVNC-Rat/Venom5-HVNC-Rat.exe
- Size
  
  9.6MB
- MD5
  
  c6e5045b7f5201f86fa4e655781cc97b
- SHA1
  
  4e3e9125d8881e632a2384d6c57fc27f8bcbddcc
- SHA256
  
  5ae30394f70c8269f576374a2adb32de3b400e87b00786d538246dd7b9a7f548
- SHA512
  
  c62ceb19bb8b105ce93f9bbf85ceeabb7b7239c1f329b19a844d342fda118279d6aaeb7221ce2f5591e842ef136303fd347d7c1ceef095b145e549b812d9c2ab
- SSDEEP
  
  196608:JBP70XvXdb5e0hnHTW3GwhXscv84MzaVpXeEWgJfbC1xllS7o/riN:JBudb5eaHT4GYrvbMG6K+jQ4+
Score

10^/10

arrowrat asyncrat %group%agilenet rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arrowratasyncrat%group%agilenetrat

© 2018-2024

Terms | Privacy