Overview

overview

10

Static

static

10

ce8800c012...36.exe

windows7-x64

10

ce8800c012...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-04-2024 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce8800c01255f8167d532a238ded5770f518a8cc9e3656ee98e84357cada9336.exe

  • Size

    63KB

  • MD5

    0e0c04cb559e05121344da27d3c1a2c4

  • SHA1

    0be4de6637051d6ec60577135185dea7b154169d

  • SHA256

    ce8800c01255f8167d532a238ded5770f518a8cc9e3656ee98e84357cada9336

  • SHA512

    669ab70ae1aa09132e8d6e80d500d8d82e675775b6ed9a865ead6c766fab14a8c20499d6863192757988d48e3050d40d039b7f8058ddbd1d7dabb410f6e6d788

  • SSDEEP

    1536:AhIBLTM3Ufc0cMdmeeiIVrGbbXwoR8GGDpqKmY7:AhIBLTM3Ufc6d/eXGbbXtsgz

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:1337

127.0.0.1:14762

5.tcp.eu.ngrok.io:1337

5.tcp.eu.ngrok.io:14762
Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Detects executables attemping to enumerate video devices using WMI 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce8800c01255f8167d532a238ded5770f518a8cc9e3656ee98e84357cada9336.exe
    "C:\Users\Admin\AppData\Local\Temp\ce8800c01255f8167d532a238ded5770f518a8cc9e3656ee98e84357cada9336.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4548

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4548-0-0x0000000000270000-0x0000000000286000-memory.dmp
    Filesize

    88KB

    Download
  • memory/4548-1-0x00007FFCD5E30000-0x00007FFCD68F1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/4548-2-0x000000001AE80000-0x000000001AE90000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4548-3-0x00007FFCF3F10000-0x00007FFCF4105000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/4548-4-0x00007FFCD5E30000-0x00007FFCD68F1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/4548-5-0x000000001AE80000-0x000000001AE90000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4548-6-0x00007FFCF3F10000-0x00007FFCF4105000-memory.dmp
    Filesize

    2.0MB

    Download