General

  • Target

    Venom5-HVNC-Rat.rar

  • Size

    8.8MB

  • Sample

    231104-xqlpksdb7w

  • MD5

    f84fed326b9437ee25ef3164688bd940

  • SHA1

    e510ad05bf62d925f711a404e22d0b78170fb25d

  • SHA256

    883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97

  • SHA512

    6612cace68d8093d7ee756b3054322283ad48c3397f47d312a9a780996c8e75ac46d179632f1678d0eec728d7e384faa6467a4b752319dd4396e0b6fa6916a1d

  • SSDEEP

    196608:TWtEMYTCvgcJm2KCQtuHTkJJkz5A9bLJgEM4TsZBkuCq4:i1YTCvgcJipgmC+nTsZBkun4

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

    • Target

      Venom5-HVNC-Rat.rar

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
