Resubmissions

29-06-2024 00:45

240629-a341cswgqa 10

General

  • Target

    VenomRAT v6.0.3 (+SOURCE).7z

  • Size

    73.7MB

  • Sample

    240629-a341cswgqa

  • MD5

    29c6c293c6723135cbe7b5d0fc3a3d20

  • SHA1

    17219c8998c1afa1bd7061276958e9ed54cbb393

  • SHA256

    46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9

  • SHA512

    d6833432820b6eb2828ffd88a3028f3b3b014176db76330ce5c3af5eeb80aac1d9816d81dfdaa11a972e59ed144551d60c1cf4b0568e5cc7dedcb6df033c12e1

  • SSDEEP

    1572864:4VI5gzIBQ4OZRbwhtq81vZ8KCNsuYk+8327i8Nd5Sr5:KIeIa4Atotq87BCyuz+BOKe5

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

95.216.52.21:7575

Mutex

xdnqiaxygefjfoolgo

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      VenomRAT v6.0.3 (+SOURCE).7z

    • Size

      73.7MB

    • MD5

      29c6c293c6723135cbe7b5d0fc3a3d20

    • SHA1

      17219c8998c1afa1bd7061276958e9ed54cbb393

    • SHA256

      46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9

    • SHA512

      d6833432820b6eb2828ffd88a3028f3b3b014176db76330ce5c3af5eeb80aac1d9816d81dfdaa11a972e59ed144551d60c1cf4b0568e5cc7dedcb6df033c12e1

    • SSDEEP

      1572864:4VI5gzIBQ4OZRbwhtq81vZ8KCNsuYk+8327i8Nd5Sr5:KIeIa4Atotq87BCyuz+BOKe5

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Executes dropped EXE

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      f0b3e112ce4807a28e2b5d66a840ed7f

    • SHA1

      54a6743781fd4ceb720331fce92f16186931192d

    • SHA256

      333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c

    • SHA512

      dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190

    • SSDEEP

      49152:OSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:6xodumo6Lr

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Client.exe

    • Size

      66KB

    • MD5

      3935ef8202cd8040741138a14b0655f0

    • SHA1

      54cf02cf472111b57ac5329a408b2f858e2f3b86

    • SHA256

      3a7efdc3d85adf7a5484ef17549db47be2a78b4b6892d93dd91958bb9a9edb82

    • SHA512

      cbc24bde07ec9d1372869ce697ba3fcc76a7be2b75122af1f283160551dfc2dd18f77bc24ed0fff37b49dc7c8b0ffd41001f238595bec0c4761a5f4a79ec5ff1

    • SSDEEP

      1536:0vWMO7xoQlzh4fZF9O8QQHFkYlTwVsbbXA/a2s9TDZVclN:HoR9O8QQHFk1sbbXh2sNzY

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Charts.v22.2.Core.dll

    • Size

      1023KB

    • MD5

      bcfa59a0896b924b2d8f1a50d4a1d970

    • SHA1

      5f0ad9f59f852023d5a1d3377bdf45ec2b45b52a

    • SHA256

      de682a0d612ec7d45a0accd8fbbb90db374d652ec68b52317170082a2afe7f31

    • SHA512

      604f26842788e851822915bb9e80ca2af392b8e82ae4cffa0160cc761303098795615e00356665117b4ee1be421d74d46b8ca13bca220bd97f04f7b575a5f4d3

    • SSDEEP

      12288:bBj6U3pbVIy5rPW9s9d9r6AXe2w8jnHXRM1bnMLdvzL2bpujxZZyNdqTfFlL31XA:Fj3f6Mw8jnHXQe7S0yWTfFJQMXn3AL

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.CodeParser.v22.2.dll

    • Size

      1.7MB

    • MD5

      ec3a80bc6de2d32444c582f31c14000f

    • SHA1

      e4d880a4845095b18cc13b98d2d8f46d2c894a36

    • SHA256

      aa74c8d4b98543a9f277860c7d11a64d762b4dd20d93acdbe0e4193fb69d5245

    • SHA512

      7b469292db8fdb315a0647a060e28f6d2a5ff9fce81e4a5d8db9438b28fec7144b9ab02177fe8cb4bf7a54c407c8dca9dbfed437e8f0b71ead1bab2043b90eef

    • SSDEEP

      24576:O2pK1qXadH/E7i39l5/uwPSs/Eq9VtPRRJ/Jf/j6y0xkW9C3/TQjZU:G6K5/up6nPBt09CvTQu

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.Desktop.v22.1.dll

    • Size

      838KB

    • MD5

      e59c802bbbc1ebc554f3f7b6a3259ee1

    • SHA1

      fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

    • SHA256

      d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

    • SHA512

      34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

    • SSDEEP

      12288:XzcvADexPaUb6wZPYj8vtvrlecLHP2+jXSwatzuHkrYCX1TSahOr1LZKHVoiXw+E:D5DexdNZPYj8zecLv2+jCXVGsYs

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.Desktop.v22.2.dll

    • Size

      912KB

    • MD5

      03c9a3454f296dba13b5d4a70c3f1504

    • SHA1

      0b19ead85b4775f44b488cd99623b7ae6515d0ca

    • SHA256

      d405116805f243c6852b06b70e9cfca68837a2eb918d53247c6ae69c21b093a2

    • SHA512

      a5c90806a68b6e1051a2d444a57ae216683ce42b419723fc1b9e29bf98149c7c9b2d7345e45cb3c76f57c7b8fd1cee7404c7c3ee7a39c4966db301c649ce30e2

    • SSDEEP

      24576:WkZ0Hy8pATSVJLTJ8esj+ye2L95PlYfBxgA9QphiP6sLDip:giGqesB+QpkP6s+

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.v22.1.dll

    • Size

      5.0MB

    • MD5

      5c3017ec9073a7a4f3351440c3daaa8a

    • SHA1

      ee1f73f8618439fc8a42f38b32760367bd5ce6b5

    • SHA256

      e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

    • SHA512

      5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

    • SSDEEP

      49152:fJJHcStFUzQUnI8id8LDaWdFH6cvmhHgVYFvFWcp/ldRzaxO0zC96S1qBdFBWhRo:fJJH1gzh9iSLDCHgVYFvFXTda

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.v22.2.dll

    • Size

      5.1MB

    • MD5

      972235bfefa9a46cf8c4f3461546822d

    • SHA1

      1207b99cf9c961d756607567b321a2e3da0fa4bf

    • SHA256

      02653d88be212ba3753ee8e87c13159a2ce48250c6c7a05f21091924eb6953d2

    • SHA512

      ad22e1a84ae11e132463b20453c0d482591cbfc923251c802a7ae4693f0475a043d1f03f411ecdcab015dd99914e63a1f9736680d91e6825bb4b53c0d30bcd03

    • SSDEEP

      98304:ZynaqG9bqBpIyn5f+byY7OCognQtqJnnC/wnnLs0mV52GFi8ajXXREyicBhydxbq:HXREyicBhsE

    Score
    1/10
    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.DataAccess.v22.2.UI.dll

    • Size

      1.1MB

    • MD5

      58d916af93509dd6242bb1a8480f1411

    • SHA1

      6c9be26a8b77c90df8b056828e2f0748e83fdb12

    • SHA256

      f8a4f0ce3e38e1e750ce84231423600dbda276ba561f1a3bfc0ca142c7bc502a

    • SHA512

      8be93d1131efed14fc3d1e788aeb639d2077cd8d664c269e4dd56836cda765bb663c67d6c17bbfb2262d9cd0041c5d2dddb6f27380b1f52e040db30bc8739a6d

    • SSDEEP

      12288:+1Bih715T8HAPj4LrUM+iTzbMUe7B+VBBDgipnI7fbPg2yEqWCpWw:Eih1Pj4H/FwjLeKqWvw

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Tasks