Overview

overview

10

Static

static

10

VenomRAT_HVNC.exe

windows10-2004-x64

10

cGeoIp.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    52s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2023 11:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT_HVNC.exe

  • Size

    16.5MB

  • MD5

    31be8acd11aa5738dd970410adb597da

  • SHA1

    cd4d52b884066e1a47fd27b616cfafeb66225cde

  • SHA256

    e78a5ee885dc3b170a5e009aaf1a2db565ac1bf729a0c2195ebfe56420717abb

  • SHA512

    ee621bf362cd717d9b026f14e5ff1da5f28fbdb5c58dacd3a8da120e5472baaaef22b052a08d51d49b6dae30cf15178b588acd5cb3596c2e0f2ef533e467ba94

  • SSDEEP

    393216:Hl9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2+:JTXT

Score
10/10
asyncratagilenetrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomRAT_HVNC.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomRAT_HVNC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4344
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:4944

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\a41ef880-d88e-4a33-9618-41469a92ce4d\AgileDotNetRT64.dll
      Filesize

      75KB

      MD5

      42b2c266e49a3acd346b91e3b0e638c0

      SHA1

      2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

      SHA256

      adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

      SHA512

      770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\a41ef880-d88e-4a33-9618-41469a92ce4d\AgileDotNetRT64.dll
      Filesize

      75KB

      MD5

      42b2c266e49a3acd346b91e3b0e638c0

      SHA1

      2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

      SHA256

      adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

      SHA512

      770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

      Download Submit
    • C:\Users\Admin\AppData\Local\VenomRAT_HVNC\VenomRAT_HVNC.exe_Url_5cz5fpuyjl12et1mepvmd5dp1sycc15w\5.0.4.0\3c5va4pa.newcfg
      Filesize

      459B

      MD5

      bcc5c03a535e667be5f555ecebd9e8ba

      SHA1

      200469a59924edfb906706caf83d1780bc4c6c18

      SHA256

      19fb41c1060c72be295baab9c6a564601d8461401f3f24315eead171c441e231

      SHA512

      547b2407dcdae631c79cb9894f8bf972f89929b9c6879a523ade0a73d4959f059565aab804e12aa98fbbbe3397e62f98705bed16ddd56b519793a28959b25ab5

      Download Submit
    • C:\Users\Admin\AppData\Local\VenomRAT_HVNC\VenomRAT_HVNC.exe_Url_5cz5fpuyjl12et1mepvmd5dp1sycc15w\5.0.4.0\user.config
      Filesize

      337B

      MD5

      b5763604c0fac9db744369988d8dc4d5

      SHA1

      1093595809be379a8112206e7bf7ce01d43e7f59

      SHA256

      124d4c2e09f12760def84a0e725944533405b41bc2f2fc481fb74c10fe7ba36a

      SHA512

      d475c1a8877347d9498280fa6080f9bdb8738a33b5030aea9e04a5ab9dd6e68e42f01d129667f51974fce5942ba1b0dda95d87490e1f387645df97dd3afa860c

      Download Submit
    • memory/4344-147-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-148-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-143-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-144-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-145-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-146-0x0000014F27980000-0x0000014F27BD2000-memory.dmp
      Filesize

      2.3MB

      Download
    • memory/4344-133-0x0000014F07310000-0x0000014F083A0000-memory.dmp
      Filesize

      16.6MB

      Download
    • memory/4344-142-0x00007FFD41610000-0x00007FFD4175E000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/4344-149-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-150-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-151-0x0000014F27930000-0x0000014F2793A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4344-152-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-153-0x0000014F29E50000-0x0000014F2A0C8000-memory.dmp
      Filesize

      2.5MB

      Download
    • memory/4344-135-0x0000014F22DE0000-0x0000014F22FF0000-memory.dmp
      Filesize

      2.1MB

      Download
    • memory/4344-134-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4344-241-0x0000014F229C0000-0x0000014F229D0000-memory.dmp
      Filesize

      64KB

      Download