Overview

overview

10

Static

static

1

rupdate.cmd

windows7-x64

1

rupdate.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rupdate.cmd

  • Size

    61KB

  • Sample

    240311-yrrgwsch4w

  • MD5

    e2c6aa50d199d28c6c91c31f4a0cecad

  • SHA1

    281110edb18aa02b0f7bda95842bbfc89fa18df3

  • SHA256

    ff563d075c5fc7628d94f0d8e4c3d594bb1cefb40faa995211d5bd854f87573b

  • SHA512

    769f9fdff4bb299047733cc899303b1c4af2db0c72dba2aa13c7f1635c8256ee3e06a5ff46755f6c337fb4a87ae0c6d07288cc21fba84d2fa54800a8553a75cf

  • SSDEEP

    1536:fvRba4CqbY73esiV0iqdvcl0odSVZnm+C:XsfesipWvUw2

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

momentdhs.duckdns.org:8897

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      rupdate.cmd

    • Size

      61KB

    • MD5

      e2c6aa50d199d28c6c91c31f4a0cecad

    • SHA1

      281110edb18aa02b0f7bda95842bbfc89fa18df3

    • SHA256

      ff563d075c5fc7628d94f0d8e4c3d594bb1cefb40faa995211d5bd854f87573b

    • SHA512

      769f9fdff4bb299047733cc899303b1c4af2db0c72dba2aa13c7f1635c8256ee3e06a5ff46755f6c337fb4a87ae0c6d07288cc21fba84d2fa54800a8553a75cf

    • SSDEEP

      1536:fvRba4CqbY73esiV0iqdvcl0odSVZnm+C:XsfesipWvUw2

    Score
    10/10
    asyncratvenom clientsrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks