General

  • Target: VenomRatV6.0.1-main.zip
  • Size: 53.0MB
  • Sample: 240505-ytjj3ace4x
  • MD5: b8dbc96e3d671252cc413969dc7664ae
  • SHA1: d4a65f5d263d81c4e3a8392f1ee25433c51d6eec
  • SHA256: 839d3a89a01c66dc0d9d24a856d582be7acc57f09179875b638e67a9bc807832
  • SHA512: ec8f6e46dab85c3ee030a5c31476207a85bc917fefea00962780fdf190193b2c1cf59e7b15adb878b2cd1834529d2c29ef05caf46dfb7aad7e8fa59529139128
  • SSDEEP: 1572864:BM87IBOZdbGYOoiOPS3T55+EEqssc3SHQUU+ey:Bz7wO7bGYFico55REqLZZU+ey

Malware Config

Extracted

  • Family: asyncrat
  • Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
  • Botnet: Default
  • C2: 127.0.0.1:4449, 127.0.0.1:53779, 192.168.56.1:4449, 192.168.56.1:53779
  • Mutex: exltifvagxxleqed

Attributes

  • delay: 1
  • install: true
  • install_file: SystemUpdateX64.exe
  • install_folder: %Temp%
  • aes.plain

Targets

    • Target: VenomRatV6.0.1-main/VenomRATV6.0.1/VenomRAT + HVNC + Stealer + Grabber.exe
    • Size: 14.2MB
    • MD5: b3eedc8a21cd7f2759b9b2309ff784e5
    • SHA1: 26a2f5f4347d8d1c0a947999ac1b97cccbe0e9e1
    • SHA256: 1a20768cb595389a5401a67a7a9c4e8a8b955490e6029862ea92060d3a3f9ecf
    • SHA512: 041b3adf93bdbd763e60b311573ac2296d2c3cebb585388f97663dbfa5655ec5c2f9812e23de8b7230bdd3662895efe6668dc90828030effc8e83608e7f06616
    • SSDEEP: 196608:NmNN313h372jwxpXGIYmVXemCjncvlDRZCh/w1CMj2O:NYN31Jye2IYmZemCjcvl1ZCh/w1p5

    Score: 10/10

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 2

Tasks