General

  • Target

    venom.bat

  • Size

    288KB

  • Sample

    240427-mp3atshd7v

  • MD5

    0556860b2bec64c650bedb8802a0888a

  • SHA1

    1f185ddb90fa103b6528f8677cc525d721c05cda

  • SHA256

    882b8c8f791c67dfa694af25a1683495fea1153e1fb4beb2dca8872634cf0563

  • SHA512

    7aea927a4f64f28b2159305ffc324d69c43d1e6609d2bec86eec670065b5c036925f432a01ba9b587e2c71998d130a158a35b7a65c70428097775ceeb57251af

  • SSDEEP

    6144:nbUZ2FTkPfpSMAbGPETqjAuG29DVDnZh8uz4TCKi+3wzofbc9l:n2MTkXpxAsEmjAuv9Dp787TViU0ic9l

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

nigger

Mutex

usaoasdioniosdfiondsinonis

Attributes
  • delay

    1

  • install

    true

  • install_file

    bfcdfgdzgdz.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/iGYYnmF4

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                      Count  ID
  Execution              Scheduled Task/Job             1      T1053
  Persistence            Scheduled Task/Job             1      T1053
  Privilege Escalation   Scheduled Task/Job             1      T1053
  Discovery              Query Registry                 2      T1012
  Discovery              System Information Discovery   2      T1082

Tasks