Overview

overview

10

Static

static

1

xff.cmd

windows7-x64

10

xff.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xff.cmd

  • Size

    6KB

  • Sample

    240523-w8cnysca69

  • MD5

    7b90a6964decffe69d5a3f43d4285498

  • SHA1

    9e2982f4c58624952f26322fd7eff379af540586

  • SHA256

    b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953

  • SHA512

    f95ac4691adb65fe56c981567c2ea79bb786f38305ae0280da1c41f48c7f34d72fdc22737835096046590036353ec33295f1c6378987f1d9354356accd650b68

  • SSDEEP

    96:Svgs1WudsEONjKlXPi3+mB0AT1DLkHjXTIo6wwPtsRmNga74vGyr:SN0ysEOKjMlTxiDEwqtLNga0N

Score
10/10
asyncratvenom clientsexecutionrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

xvern429.duckdns.org:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      xff.cmd

    • Size

      6KB

    • MD5

      7b90a6964decffe69d5a3f43d4285498

    • SHA1

      9e2982f4c58624952f26322fd7eff379af540586

    • SHA256

      b84eb711989fbe9e0ff3ec874b5a0dac33655d27929fdce619ea94a35dca8953

    • SHA512

      f95ac4691adb65fe56c981567c2ea79bb786f38305ae0280da1c41f48c7f34d72fdc22737835096046590036353ec33295f1c6378987f1d9354356accd650b68

    • SSDEEP

      96:Svgs1WudsEONjKlXPi3+mB0AT1DLkHjXTIo6wwPtsRmNga74vGyr:SN0ysEOKjMlTxiDEwqtLNga0N

    Score
    10/10
    asyncratvenom clientsexecutionrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks