General
Target: Venom5-HVNC-Rat.rar
Size: 8.8MB
Sample: 231104-xqlpksdb7w
MD5: f84fed326b9437ee25ef3164688bd940
SHA1: e510ad05bf62d925f711a404e22d0b78170fb25d
SHA256: 883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97
SHA512: 6612cace68d8093d7ee756b3054322283ad48c3397f47d312a9a780996c8e75ac46d179632f1678d0eec728d7e384faa6467a4b752319dd4396e0b6fa6916a1d
SSDEEP: 196608:TWtEMYTCvgcJm2KCQtuHTkJJkz5A9bLJgEM4TsZBkuCq4:i1YTCvgcJipgmC+nTsZBkun4
Behavioral task: behavioral1
Sample: Venom5-HVNC-Rat.rar
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: Venom5-HVNC-Rat.rar
Resource: win10-20231020-en
Malware Config
Extracted
arrowrat
%Group%
%Hosts%:%Ports%
%MTX%
Targets
-
-
Target
Venom5-HVNC-Rat.rar
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.