Overview

overview

10

Static

static

10

New folder/7z.exe

windows10-2004-x64

1

New folder...to.dll

windows10-2004-x64

1

New folder...I2.dll

windows10-2004-x64

1

New folder...es.dll

windows10-2004-x64

1

New folder...rd.dll

windows10-2004-x64

1

New folder...ra.dll

windows10-2004-x64

1

New folder...un.dll

windows10-2004-x64

1

New folder...er.exe

windows10-2004-x64

1

New folder...ns.dll

windows10-2004-x64

1

New folder...nt.exe

windows10-2004-x64

10

New folder...le.dll

windows10-2004-x64

1

New folder...fo.dll

windows10-2004-x64

1

New folder...ss.dll

windows10-2004-x64

1

New folder...ls.dll

windows10-2004-x64

1

New folder...es.dll

windows10-2004-x64

1

New folder...me.dll

windows10-2004-x64

1

New folder...rs.dll

windows10-2004-x64

1

New folder...ns.dll

windows10-2004-x64

1

New folder...on.dll

windows10-2004-x64

1

New folder...le.dll

windows10-2004-x64

1

New folder...on.dll

windows10-2004-x64

1

New folder...fo.dll

windows10-2004-x64

1

New folder...es.dll

windows10-2004-x64

1

New folder...er.dll

windows10-2004-x64

1

New folder...em.dll

windows10-2004-x64

1

New folder...ge.dll

windows10-2004-x64

1

New folder...es.dll

windows10-2004-x64

1

New folder...es.dll

windows10-2004-x64

1

New folder...am.dll

windows10-2004-x64

1

New folder...IO.dll

windows10-2004-x64

1

New folder...ns.dll

windows10-2004-x64

1

New folder...NC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New folder.zip

  • Size

    16.3MB

  • Sample

    230405-r7nydafd44

  • MD5

    145aebc64c4fcd7c8937efd5b1d7a187

  • SHA1

    b3b94d0bbdfa5487564b6700423b033a8abda318

  • SHA256

    e2ed986394cf247495d37901772aad9f4f87bc2f03f65e0ead9706b9e51b66fa

  • SHA512

    546934eb868368c42613849d49ef98e21bc2b38131b0fa47bc56a8e73051564ae32146baf89065b5dc1d5b3d32c5b3fb969171acc87efa20ce630eab4ae00e0c

  • SSDEEP

    393216:pCe7+Z/CbK/P8uFT5lYUwDf8FVg5DeiV+5tXXw2gGy+SXx4rWk+Fk2FQV29ItSH6:U/Zc6dFTjQf6yMistnWmSXyyXhFQ8qSa

Score
10/10
arrowratasyncrat%group%agilenetrat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

    • Target

      New folder/7z.exe

    • Size

      436KB

    • MD5

      3e797119e0fd64297cb82794b8d68edd

    • SHA1

      a67d3b35743f6ca383673a3848b8c97ec164cc0d

    • SHA256

      c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f

    • SHA512

      1378c54a3a1c5bd73c04e787d218f245024625003d689379013f1343c7f9e6282d670c3d68edce6006629ca90cddd27ac3f53f640f96c4936bbff319658caef8

    • SSDEEP

      12288:4DRHJamC1E+3ZZ4jjEKDywIYCsdtpu7Cdw:ghF+3ZZ4lRk7h

    Score
    1/10
    behavioral1

    • Target

      New folder/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      3551343fab213740bbb022e3a6dcf27b

    • SHA1

      de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    • SHA256

      5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    • SHA512

      e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    • SSDEEP

      49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0

    Score
    1/10
    behavioral2

    • Target

      New folder/Guna.UI2.dll

    • Size

      2.0MB

    • MD5

      0188fce753516183a41c4d146e337778

    • SHA1

      eb0f5324e8dd08a181d4bdfc1d90543077b2ee67

    • SHA256

      ee4449bccf826cbc56c13087d54a1a69fd42464d437ce8f355ac6afb61df6829

    • SHA512

      b3aafc9a80eec37556f4e60ab23579dd7d42c060b3ca2064d6d0c16901b54500503750868bef651a01401551551e372ac9fd459029c5d0efdd2aa385384916fc

    • SSDEEP

      24576:SANEfBpDsH/bTIRPZyiXeq+Tc7XRbF+TSgkrwf9Pa3oZm8jqG4LEx1npSBeX673f:Sz9+OgRpUwXpUeXQq5dn

    Score
    1/10
    behavioral3

    • Target

      New folder/Microsoft.Win32.Primitives.dll

    • Size

      20KB

    • MD5

      76b8d417c2f6416fa81eacc45977cea2

    • SHA1

      7b249c6390dfc90ef33f9a697174e363080091ef

    • SHA256

      5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695

    • SHA512

      3b510cdc45c94be383c91687c2cb01a501ba34e3fbb66346214fc576d6f0e63c77d1d09c6419fc907f5b083387a7046c0670377ad2e00c3ec2e731275739f9c7

    • SSDEEP

      384:/N9VWhX3WsQBm0GftpBjvmaQHRN7YlgaGn7rJd0:1GmViYL0Gff0

    Score
    1/10
    behavioral4

    • Target

      New folder/Plugins/Discord.dll

    • Size

      27KB

    • MD5

      b591cff18fd7344243cf8a4eca624a65

    • SHA1

      29f9134bb33d429d27b87e6f2112b6753e1dcae4

    • SHA256

      6a43095314d5e32db307eef638d2f5afea7dd40ff6acda24fc28ce0c1632cb6a

    • SHA512

      ae1aa8db37182a4b8ee06249da6304c1c105adf06b2091cf24b3e79ad1d6d1a6eaab12bf059cd86deb04b7084d563a25d5bbef6ddf7857c1a34fc0e0032664fc

    • SSDEEP

      384:HfzPwa/ppmIwuCfMeSmfbQFFVBdseXG3cGh+JaL6lkSggL5XxXIUdwmuJpSVmlY2:HhGIwhPgh0Jd+5XxjwmuJpSV/I7

    Score
    1/10
    behavioral5

    • Target

      New folder/Plugins/Extra.dll

    • Size

      34KB

    • MD5

      17db58471bf45715ba46b5af7920d676

    • SHA1

      0ab236a6d554597dac8fc40fc3e1a29f905c0275

    • SHA256

      dae673b838de497c1aa8a558d4dd5963d90e8b21538cb0d9adce585ef6fbc915

    • SHA512

      29432c0d19be6ae8c8ab68ab1a7c4007d502222b329f9a0bfb994427f182028aeeacc199dd27334cdc0adabbdee7a07a3d24826ed67b05711c2370a4b7395265

    • SSDEEP

      384:0hfLE8JhqmxGhnGOheE6qCtdKudseXG5JN2ahDkz7R3bu6jUwv5YacMvvp8D5K8:wQ8hxGWCkQuMPkv5YdAva9IKqbnMK

    Score
    1/10
    behavioral6

    • Target

      New folder/Plugins/Fun.dll

    • Size

      36KB

    • MD5

      e07004ec43ed994b9a11999145f5a43a

    • SHA1

      00cba09ae5a38dcfdbac1a8cff9cd1fff2c0b3e7

    • SHA256

      2b25c33a033bdc85ea4db8c3ea89bbfc7d1a1dd80d21a1835bba5672759efdd9

    • SHA512

      39948577cf0185ffbda3c2757c7fa746e41a169ca7fa0a3718cc564fbbec439b047bc540fbd5ac59908965424ef11f6564d9795b101bfc58656247e76b0c88f5

    • SSDEEP

      384:T7fLviWK1Xr4GtVmEc6BktslnlrqKQdseXGtrR52bhimwy0Xprnhc4r/f7rpVqKX:fGXFEGtMqS2lnhQk95Z3nhXrLDUCE+

    Score
    1/10
    behavioral7

    • Target

      New folder/Plugins/Keylogger.exe

    • Size

      10KB

    • MD5

      4f846f2117c4eab285289b0090521b1e

    • SHA1

      e25287c39bad32159417c5f0bf798625b6beff45

    • SHA256

      a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477

    • SHA512

      fd946b5f7c3c7d32f226897283de7ba3b4a4ecc2919c363877f1258cd24ed1a52bce53af2fe4ef34c4ac30d00fc456fd4e1593b79c37f7c22211f2c4f6092e5e

    • SSDEEP

      192:irtmcuq65SoDxi4maEYbRzmEsLkjgv5JHT1eJYHcwY7fazB+LEi:irtlF60GE9rUhVsLF5p1rYydmE

    Score
    1/10
    behavioral8

    • Target

      New folder/Plugins/Options.dll

    • Size

      377KB

    • MD5

      0fd19be97a94b00e440d14b06449cf92

    • SHA1

      c0ce1911fe5ddd5d9b9446b16df6c51a555e5415

    • SHA256

      0460389a3845a271ba5d65b30b66c57458f2373d75aad94e92416d772d06df5d

    • SHA512

      1049d90236b43a617ee3ede56ed175a39d1bf090ad1469f9edf71d91fdd7267b1aacdd3303a1ead11785aed2bc31dbb9fb1b2f15461cc793c7ab7c8b8f31e9f5

    • SSDEEP

      6144:50ZHTjm66pzzevOqsdHUIByYF3ykIGL/ec:50x6Jy2TB7UkIS/

    Score
    1/10
    behavioral9

    • Target

      New folder/Stub/Client.exe

    • Size

      63KB

    • MD5

      6158c0682f86511060619bba0fe864be

    • SHA1

      63a1738c87ba9449b1d572ee470da2b242742643

    • SHA256

      5bf4fc2c4d3115229d60511cad1af48019a4c291ad6144e73393e88e319f80a5

    • SHA512

      baef40b589d8717f419185ad0885173f790394827d72d78520890ae737c7ee1cebe3af062340847cfe705c223669562e7116f48ab11d59654653a0b269026bd1

    • SSDEEP

      1536:8WP+BbY58krxvI0TTCNsOoIK7q6LgRAIM8pqKmY7:8WP+BbY5xrxvI0Z7P8R8Xz

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat
    behavioral10

    • Target

      New folder/System.Console.dll

    • Size

      20KB

    • MD5

      ea9376c17ee0148f0503028ad4501a92

    • SHA1

      9d5686cbf45e90df5e11d87e7b90173a1a64b1a0

    • SHA256

      b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a

    • SHA512

      18d1bb2d5c469644078d75766dbf04addf7d0c543f7ed15ff522ceeaef960900dd8ec68172f5d684b76b0aa6946bb38d641f021ec04c70ad66a6062c10412e0a

    • SSDEEP

      384:iRbzriaXT+WlEWLC7Bm0GftpBjXUNZiTaQHRN7hldBoQAYv8:A7icYVisiTLToJYU

    Score
    1/10
    behavioral11

    • Target

      New folder/System.Diagnostics.FileVersionInfo.dll

    • Size

      20KB

    • MD5

      0d9a641105098d642567b22101a4de0b

    • SHA1

      12419c25d1c2eb706a4e4e649ee353ceda7446a9

    • SHA256

      7c25a74772e135257235640a0264ddc05235e14f3627896cfe735e9955155f83

    • SHA512

      fd4560cdf01de237ddf797a33c5dbc220d3fcae07ede17d43c39f5562e36e03646676a87e20699d7603fca6d84f66c8756eb863dd4727b7e1a499619bb88dde1

    • SSDEEP

      384:m6oWJjWlC7Bm0GftpBjJeiaQHRN7t2H9lO62gHcXq:m6vpVi+iLtecg8a

    Score
    1/10
    behavioral12

    • Target

      New folder/System.Diagnostics.Process.dll

    • Size

      21KB

    • MD5

      d86b0aca05321569d9383dc7c4e9e934

    • SHA1

      2ef7d0a222c3a3e564b3c72d5b71a5be40a7adea

    • SHA256

      28b165cddb82a2507114394ae398995ef8a50c549214f8678aa66054f6927754

    • SHA512

      5959e1129c983825233a07869dd1b2b1db32830d2b5f6b7f8d869c39a76a241f88f76d37341fdfbf56f000fc6acba19aeb36a7efb94721494b41b65bf4978651

    • SSDEEP

      384:Gqk53/hW3fZ+zWQC7Bm0GftpBj6dlwaQHRN7q5blgaGn7i:Gqk53MpViywLGbGu

    Score
    1/10
    behavioral13

    • Target

      New folder/System.Diagnostics.Tools.dll

    • Size

      20KB

    • MD5

      27c7d752c11c3f43f28eb31968e73e2b

    • SHA1

      51e466218025126c5e524afd2086f4ab0bf3660a

    • SHA256

      260c6250ef9b57dca99b4cecc533f9a34857b5a32b5351202f776163841200aa

    • SHA512

      393d1747911a7f91f4c4f4f363a3782f24e00431478088da454823a223a4e75e51d9b010fc5d9746e2bf0185be90071b6cb70c777337d718b39151eef6b486aa

    • SSDEEP

      384:UUAlcWHaWlvT1Dm0GftpBjXGIRaQHRN7/lBLY6fIi:29N1DVihGIRL/Yni

    Score
    1/10
    behavioral14

    • Target

      New folder/System.Drawing.Primitives.dll

    • Size

      20KB

    • MD5

      29b0a1554e54611ebba7911049f26fd3

    • SHA1

      d707745e72d2f39374f2d28af52aaab7888b93ab

    • SHA256

      2805a18724a24034ad6acb315dac516e479cecc5f3753204052657e560932d5d

    • SHA512

      17558306a611bfac6982d5650335b05ea407191290b653c028896142ebee2abceb22f7d71926fbbcc3fab8227c61a5fda0e770abfca021ac7f891c9c7ee42e81

    • SSDEEP

      384:R28YFlXulWY/W1+109m0GftpBjIaQHRN7T/8ldBoQAYBS:R0qMViaLTwoJYBS

    Score
    1/10
    behavioral15

    • Target

      New folder/System.Dynamic.Runtime.dll

    • Size

      21KB

    • MD5

      c5cadb1409f25b6a1c7a6dd4c2df236b

    • SHA1

      a994c87352486d433a06943c01329dd721ab343f

    • SHA256

      f600acc811720183c639cebe5618baf9c8135b85b9cbdc0758bc9b2dcc6dd7a9

    • SHA512

      6bd6e482533b9ff8fff8823f84cde7191a0fd5575f76891a95e99cd1f5c1122ef92b436745ec9583089445fd5eac795181759080b1d83ccfa1eed31d9cce3af0

    • SSDEEP

      384:puMLcdQ5MW9MWf+109m0GftpBjMR5aQHRN7Ljl78oSwDnuB3:AOcSpxVi2Lhawi

    Score
    1/10
    behavioral16

    • Target

      New folder/System.Globalization.Calendars.dll

    • Size

      21KB

    • MD5

      ac2f4b435ddf0600d7a866f42f3b40d9

    • SHA1

      0564ff7f7e6084bd6d02d8e6a4127d1c878b3fa6

    • SHA256

      b56ffb65b842daae13f3020b0b04646db92f89801d2a2f89087d145a996d43f7

    • SHA512

      dc3e9c3b4d732801dcf43cfd6cdd2672f01e03cb99d804a3f4803fddb9ca9817bcfd2f96fd94b7b33db0994f5478ce200c048db5dbb78d3b24e950262ebf4d28

    • SSDEEP

      384:3Z7RqXWDRqlRqj0RqFWX5Twm0GftpBjGRqazmHaQHRN76RqIil3uVogC:J9qKqjqjuq0wViGqRLoqItV7C

    Score
    1/10
    behavioral17

    • Target

      New folder/System.Globalization.Extensions.dll

    • Size

      25KB

    • MD5

      c7c93de0627833900b8379fd181b7351

    • SHA1

      2cb98f9622f57a0a9e037a378519aa6a271302f6

    • SHA256

      c7e91bd148ed22ee1ff8ebd3e58b199a30af90aa37499bcf8da34409672f2ed9

    • SHA512

      1067bacc4495eacbc27937b54780b97da62fed1af66158e2fa492fc82b068d49bb49bc20c3c82c22d8edd300bd7b097e14aa1e317f1789744e188bca15d22b4d

    • SSDEEP

      384:MNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9WQDzDm0GftpBjeXRsTUbaQHR/:MvMhF2SzNzwu/Nlju/ViCLLsBy

    Score
    1/10
    behavioral18

    • Target

      New folder/System.Globalization.dll

    • Size

      20KB

    • MD5

      ae023bb0beee5189a07c7fd4e0cf3fca

    • SHA1

      846711d4161a3950facdef97037898a71f4efda1

    • SHA256

      56bd0c02c734abf4d7fd1ef2e8b6a9e4bf5e4bab4e606cd1023d63b02852fa61

    • SHA512

      62305027ae8bb5b830630fe54f2cf9e607f9b97ffe28912c2cb15d429252668f17eaf2d7ceecf5601c889d5ea52e0b9100f115173bb11b5d6208171792833c85

    • SSDEEP

      384:gZ4RLWdRfRJ0RZWw+109m0GftpBjPWR+HaQHRN71RNl78oSwDnud:gZK0pJujViFc6LzrawS

    Score
    1/10
    behavioral19

    • Target

      New folder/System.IO.Compression.ZipFile.dll

    • Size

      20KB

    • MD5

      bb1a520f25bb93ace4dd0a060fba677d

    • SHA1

      92bf07ccf32eb9fdf06f446a256e0271c4028bf0

    • SHA256

      7720ee13405ea8a3c204703a181e67dc6d66835e9df263c09d04d8b48b41eb26

    • SHA512

      9288148ec879ebeafd53c225854ee3bd3768ba5c7b829d6af1251d20ac301fc27a04bebb603fe2cde6949bc5968fde717e8b747337c1ad872450d26f7c36f515

    • SSDEEP

      384:OYWsmWs+109m0GftpBjncaQHRN7QlgaGn7G7:O28ViGLMGG

    Score
    1/10
    behavioral20

    • Target

      New folder/System.IO.Compression.dll

    • Size

      79KB

    • MD5

      b74495ce791ceb565e17ac6ef7417b7e

    • SHA1

      b928b52db71d3818472088079260e406dc64d79f

    • SHA256

      9d6216631d192a881c170fba413599f6c79442fa1e933c2000530444d207522d

    • SHA512

      74b36eb7ec8674a7630d1e7cec364a5add65d0bb14e0bdfae05eb4d206a6f79f1c0e6b92bffc073cc4f4535427731de2fedaddb729327f66d2c085dac66ccf8e

    • SSDEEP

      1536:NU4ExvNo9jTqlh+e3D/asRCeg5MQk7dmNoOaO3EBoim:a/FLHPz/I8BhmNoOaO3Emim

    Score
    1/10
    behavioral21

    • Target

      New folder/System.IO.FileSystem.DriveInfo.dll

    • Size

      20KB

    • MD5

      2fcb2158fc41d97e2bb71953664b99b9

    • SHA1

      16eb49afca84c9e6160b4e5b36f1ec5c98470c86

    • SHA256

      984575c44cab17d46587af6cc8c22c409b79bec280fd771e6af93a0a0c20e5b0

    • SHA512

      1527a426f8ec9931573468929966e102012b630ec4aa370c196b2b87472bcee696b00355adaeb39b4151b986470f7dada415e3f930d9678b68d3c531c8ac9b52

    • SSDEEP

      384:uKcuz1W1cWW+109m0GftpBjFGAaQHRN7PlBLY6fJ:6u8AVi5LvYc

    Score
    1/10
    behavioral22

    • Target

      New folder/System.IO.FileSystem.Primitives.dll

    • Size

      20KB

    • MD5

      51b07204081bde29a1f84a3b48554186

    • SHA1

      fca2f72c039937357099ca6e167330e540f8335d

    • SHA256

      5c84dd40d67c0e59906511d2b09da8e28c454b5979eb5fde74213f9d4bdbc564

    • SHA512

      099ec1b84fcf6bf07142ad8cd34307c80f19a64c754ade505ab55707075a764fbe7bfa4ce2fbaeaa09b3e61ebdb6e3d116608df0cf77bc076c7b3119db37a324

    • SSDEEP

      384:W+SWikWL+109m0GftpBjqaQHRN7Dh6l3uVogJ:W+e1ViILDHV7J

    Score
    1/10
    behavioral23

    • Target

      New folder/System.IO.FileSystem.Watcher.dll

    • Size

      20KB

    • MD5

      3772a3a7e55178ec90ecb607aba28511

    • SHA1

      68c240d1a43de1678ef13107b9300c544e9d5e4e

    • SHA256

      c9e2562f1a1b86acdb6957cf916aced9c4f8b71ebb16dfa0050252146205ad37

    • SHA512

      245f12b4926114ebdb39a54628a1df2501c4a27abd531172cc63bc96298ee0f4be5658ae95fe730c063eadfb1b664c7d201c69c2246cfba23ed5a4fe7ef3d14e

    • SSDEEP

      384:fAWzgWw+109m0GftpBjeQKaQHRN7Z0lO62gHcXC:ftCVisdLzg8S

    Score
    1/10
    behavioral24

    • Target

      New folder/System.IO.FileSystem.dll

    • Size

      20KB

    • MD5

      bfceb4faca75681137455cd70f8038b6

    • SHA1

      bfa0e27be1d56ba48918a9b7ca7090af7779a10e

    • SHA256

      9a4595dbb128e2d8f373b3ac45478e7131f4d181b50ec821ec8cb88bd46bd5b8

    • SHA512

      58d7e8d6fa237a6eac018c0a88d6bf76ad9ee49b6a6790b64e68c33ebf80afcb4223881aac6821132b877e7d848bc917eb9490590cdb297f362c9b43143d6713

    • SSDEEP

      384:9BLRWbYW+f+109m0GftpBjPIuaQHRN7RlgaGn7c:9B20zViFIuLxGQ

    Score
    1/10
    behavioral25

    • Target

      New folder/System.IO.IsolatedStorage.dll

    • Size

      20KB

    • MD5

      ab8d293bcd7a13e83565b4afa8438988

    • SHA1

      48f227c62b2001c441bcbc5b570911f096ddf421

    • SHA256

      0e80a2e256d16e487bc847d1857ed7cd088f176254ba2a385d675338b836b0fc

    • SHA512

      443dd75234c043de736423466c1fc2ff2bd9b6b9fe753521c3c225de99f5a7d3828a470cf8ea54678a86681949e5dcd1de1eab35bf0f348f758fa099a9092f54

    • SSDEEP

      384:2HW4/WJvT1Dm0GftpBjE3aQHRN76RlTZVkuu:2ry1DViu3L6HZVC

    Score
    1/10
    behavioral26

    • Target

      New folder/System.IO.MemoryMappedFiles.dll

    • Size

      20KB

    • MD5

      34e21101faf71a27c6819cc051debc9d

    • SHA1

      d9df77b4993418337894ff04c6b813224b9f8543

    • SHA256

      81b6527ac2d18782ac24ae463c11dd1d70ab1bc89f626b7347a592229b371a1d

    • SHA512

      aa339f2489ca9bc9ef7f6121c9586dbd8f5ad2ca5a160a3bcac74b908570ec2fc0bc24e0ec33ae9de9d6a6c3557ec2816fe8e89ffca93e310503f6f83a691f6d

    • SSDEEP

      384:Gvk7hWmCWXC7Bm0GftpBjyuGaaQHRN70EflO62gHcXm:Gs7/+Vi1GaLIg82

    Score
    1/10
    behavioral27

    • Target

      New folder/System.IO.Pipes.dll

    • Size

      20KB

    • MD5

      58a2e5ac0510b9223236b9317c505b58

    • SHA1

      a00954217ca326c54a863d451820263a6d7ee1af

    • SHA256

      80a229b2917fc3a5d941ff9745a6be0065028afdf9509300410d2721c71f1198

    • SHA512

      18736ecfe0ef0c477bf64f89ca97af4578defc996f0a5bad33d7a29af6e09745e4b10d6d543243b9664e40169ee550c996e783c5ffbb0fc767da7ffc63e13fb6

    • SSDEEP

      384:3GMWCUWm+109m0GftpBjG6VVaQHRN7Utl3uVog4a:33cVi0OVLUOV73

    Score
    1/10
    behavioral28

    • Target

      New folder/System.IO.UnmanagedMemoryStream.dll

    • Size

      20KB

    • MD5

      d74405753f829e75e89bba5ebc296112

    • SHA1

      474944856db781a34796bfcce18ecd4580275ad1

    • SHA256

      86f1f12e47f260985b08bb966598123578eb5e48bef9bb086f04e16e9d53bb32

    • SHA512

      cdc5d49fcf0249c539e45c9917c152f130c8fee975d97c2f62526f474cb779b2bf273195f4aa7a64f76dd2496528c0d021b56e60aae2635606f9f55092cb47f4

    • SSDEEP

      384:sBhwI7WSQWfTwm0GftpBjGaQHRN7SRalgaGn7x:sDwIBxwVi0L3Gd

    Score
    1/10
    behavioral29

    • Target

      New folder/System.IO.dll

    • Size

      20KB

    • MD5

      809fdbd7422a3e02c89244dc530a3367

    • SHA1

      a6999c04b243b034f8ee7ad0d79f3ce24df9a9d0

    • SHA256

      c191a43029edd4eb8eee003356f1fe79aa45071c25433a7a3589590e9089eed9

    • SHA512

      5232b7ef2b60a99be2b027112078a7debf58bfa4308f4ae53dd9a96fa7bccbb0927beb7148e7a3944173f7820f9f519767539d1fdfef848b6f1d6668be11fc15

    • SSDEEP

      384:iyvPRW4lWkTwm0GftpBj8w0aQHRN7y3lBLY6f4:H39VwViGw0L0Yh

    Score
    1/10
    behavioral30

    • Target

      New folder/System.Linq.Expressions.dll

    • Size

      21KB

    • MD5

      3b49bf361f3116de28176b40845bc199

    • SHA1

      5627e53d15e56868dc9082edcae5a653b96b9af1

    • SHA256

      bf97f67165231c2a42b95f11d80337b082e2b2be54351da44c8a10c06194b369

    • SHA512

      0fe87438acd6c14401523987be617a83ddfd2b42938fc52e0da5f941f7dc70686cc6436edd41c4998fd56d5f52d64acfab5010b96b1e80c084c4ab9f546202a8

    • SSDEEP

      384:j6RW6eW++109m0GftpBjeLUaQHRN7es2lGinGEx:j67aVi8ULzSN

    Score
    1/10
    behavioral31

    • Target

      New folder/VenomRAT_HVNC.exe

    • Size

      16.6MB

    • MD5

      5384c0396589430eeb3d1a2e05703e9a

    • SHA1

      20da44da7639bbef2f6b5bfc21df7474cd1109af

    • SHA256

      b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459

    • SHA512

      9bf613ee62b0e56af500dd88f572b2221ad6df63b0b4c0dcb0ef763efcebeac633a95f10dfce90f6cff038df2810681dd55dcdd272eb9f907c670cc2e4f7363a

    • SSDEEP

      393216:Al9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2L:6TXT

    Score
    10/10
    asyncratagilenetrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

agilenetrat%group%asyncratarrowrat
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

asyncratrat
Score
10/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

asyncratagilenetrat
Score
10/10