asyncrat | 7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-08-2024 14:49

Target

VenomRATHVNCStealerGrabber.exe
Size

14.2MB
MD5

3b3a304c6fc7a3a1d9390d7cbff56634
SHA1

e8bd5244e6362968f5017680da33f1e90ae63dd7
SHA256

7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
SHA512

7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
SSDEEP

196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

Processes:

resource	yara_rule
behavioral1/memory/2400-1-0x00000000005B0000-0x00000000013E4000-memory.dmp	VenomRAT

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

VenomRATHVNCStealerGrabber.exe

description	pid	process	target process
PID 2400 wrote to memory of 2076	2400	VenomRATHVNCStealerGrabber.exe	WerFault.exe
PID 2400 wrote to memory of 2076	2400	VenomRATHVNCStealerGrabber.exe	WerFault.exe
PID 2400 wrote to memory of 2076	2400	VenomRATHVNCStealerGrabber.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe
"C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2400 -s 528
  2⤵
  PID:2076

memory/2400-0-0x000007FEF5463000-0x000007FEF5464000-memory.dmp

Filesize
4KB

Download
memory/2400-1-0x00000000005B0000-0x00000000013E4000-memory.dmp

Filesize
14.2MB

Download
memory/2400-2-0x000007FEF5463000-0x000007FEF5464000-memory.dmp

Filesize
4KB

Download