Overview

overview

10

Static

static

10

VenomRAT v...to.dll

windows7-x64

1

VenomRAT v...to.dll

windows10-2004-x64

1

VenomRAT v...nt.exe

windows7-x64

10

VenomRAT v...nt.exe

windows10-2004-x64

10

VenomRAT v...re.dll

windows7-x64

1

VenomRAT v...re.dll

windows10-2004-x64

1

VenomRAT v....2.dll

windows7-x64

1

VenomRAT v....2.dll

windows10-2004-x64

1

VenomRAT v....1.dll

windows7-x64

1

VenomRAT v....1.dll

windows10-2004-x64

1

VenomRAT v....2.dll

windows7-x64

1

VenomRAT v....2.dll

windows10-2004-x64

1

VenomRAT v....1.dll

windows7-x64

1

VenomRAT v....1.dll

windows10-2004-x64

1

VenomRAT v....2.dll

windows7-x64

1

VenomRAT v....2.dll

windows10-2004-x64

1

VenomRAT v...UI.dll

windows7-x64

1

VenomRAT v...UI.dll

windows10-2004-x64

1

VenomRAT v...per.js

windows7-x64

3

VenomRAT v...per.js

windows10-2004-x64

3

VenomRAT v...ker.js

windows7-x64

3

VenomRAT v...ker.js

windows10-2004-x64

3

VenomRAT v...em.vbs

windows7-x64

1

VenomRAT v...em.vbs

windows10-2004-x64

VenomRAT v...ify.js

windows7-x64

3

VenomRAT v...ify.js

windows10-2004-x64

3

VenomRAT v...Box.js

windows7-x64

3

VenomRAT v...Box.js

windows10-2004-x64

3

VenomRAT v...ms.vbs

windows7-x64

1

VenomRAT v...ms.vbs

windows10-2004-x64

1

VenomRAT v...gs.vbs

windows7-x64

1

VenomRAT v...gs.vbs

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VenomRAT v6.0.3 (+SOURCE).7z

  • Size

    73.7MB

  • Sample

    240925-qy67xs1gjb

  • MD5

    29c6c293c6723135cbe7b5d0fc3a3d20

  • SHA1

    17219c8998c1afa1bd7061276958e9ed54cbb393

  • SHA256

    46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9

  • SHA512

    d6833432820b6eb2828ffd88a3028f3b3b014176db76330ce5c3af5eeb80aac1d9816d81dfdaa11a972e59ed144551d60c1cf4b0568e5cc7dedcb6df033c12e1

  • SSDEEP

    1572864:4VI5gzIBQ4OZRbwhtq81vZ8KCNsuYk+8327i8Nd5Sr5:KIeIa4Atotq87BCyuz+BOKe5

Score
10/10
asyncratstormkittydefaultexecutionrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

95.216.52.21:7575

Mutex

xdnqiaxygefjfoolgo

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      f0b3e112ce4807a28e2b5d66a840ed7f

    • SHA1

      54a6743781fd4ceb720331fce92f16186931192d

    • SHA256

      333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c

    • SHA512

      dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190

    • SSDEEP

      49152:OSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:6xodumo6Lr

    Score
    1/10
    behavioral1behavioral2

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Client.exe

    • Size

      66KB

    • MD5

      3935ef8202cd8040741138a14b0655f0

    • SHA1

      54cf02cf472111b57ac5329a408b2f858e2f3b86

    • SHA256

      3a7efdc3d85adf7a5484ef17549db47be2a78b4b6892d93dd91958bb9a9edb82

    • SHA512

      cbc24bde07ec9d1372869ce697ba3fcc76a7be2b75122af1f283160551dfc2dd18f77bc24ed0fff37b49dc7c8b0ffd41001f238595bec0c4761a5f4a79ec5ff1

    • SSDEEP

      1536:0vWMO7xoQlzh4fZF9O8QQHFkYlTwVsbbXA/a2s9TDZVclN:HoR9O8QQHFk1sbbXh2sNzY

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat
    behavioral3behavioral4

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Charts.v22.2.Core.dll

    • Size

      1023KB

    • MD5

      bcfa59a0896b924b2d8f1a50d4a1d970

    • SHA1

      5f0ad9f59f852023d5a1d3377bdf45ec2b45b52a

    • SHA256

      de682a0d612ec7d45a0accd8fbbb90db374d652ec68b52317170082a2afe7f31

    • SHA512

      604f26842788e851822915bb9e80ca2af392b8e82ae4cffa0160cc761303098795615e00356665117b4ee1be421d74d46b8ca13bca220bd97f04f7b575a5f4d3

    • SSDEEP

      12288:bBj6U3pbVIy5rPW9s9d9r6AXe2w8jnHXRM1bnMLdvzL2bpujxZZyNdqTfFlL31XA:Fj3f6Mw8jnHXQe7S0yWTfFJQMXn3AL

    Score
    1/10
    behavioral5behavioral6

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.CodeParser.v22.2.dll

    • Size

      1.7MB

    • MD5

      ec3a80bc6de2d32444c582f31c14000f

    • SHA1

      e4d880a4845095b18cc13b98d2d8f46d2c894a36

    • SHA256

      aa74c8d4b98543a9f277860c7d11a64d762b4dd20d93acdbe0e4193fb69d5245

    • SHA512

      7b469292db8fdb315a0647a060e28f6d2a5ff9fce81e4a5d8db9438b28fec7144b9ab02177fe8cb4bf7a54c407c8dca9dbfed437e8f0b71ead1bab2043b90eef

    • SSDEEP

      24576:O2pK1qXadH/E7i39l5/uwPSs/Eq9VtPRRJ/Jf/j6y0xkW9C3/TQjZU:G6K5/up6nPBt09CvTQu

    Score
    1/10
    behavioral7behavioral8

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.Desktop.v22.1.dll

    • Size

      838KB

    • MD5

      e59c802bbbc1ebc554f3f7b6a3259ee1

    • SHA1

      fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

    • SHA256

      d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

    • SHA512

      34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

    • SSDEEP

      12288:XzcvADexPaUb6wZPYj8vtvrlecLHP2+jXSwatzuHkrYCX1TSahOr1LZKHVoiXw+E:D5DexdNZPYj8zecLv2+jCXVGsYs

    Score
    1/10
    behavioral10behavioral9

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.Desktop.v22.2.dll

    • Size

      912KB

    • MD5

      03c9a3454f296dba13b5d4a70c3f1504

    • SHA1

      0b19ead85b4775f44b488cd99623b7ae6515d0ca

    • SHA256

      d405116805f243c6852b06b70e9cfca68837a2eb918d53247c6ae69c21b093a2

    • SHA512

      a5c90806a68b6e1051a2d444a57ae216683ce42b419723fc1b9e29bf98149c7c9b2d7345e45cb3c76f57c7b8fd1cee7404c7c3ee7a39c4966db301c649ce30e2

    • SSDEEP

      24576:WkZ0Hy8pATSVJLTJ8esj+ye2L95PlYfBxgA9QphiP6sLDip:giGqesB+QpkP6s+

    Score
    1/10
    behavioral11behavioral12

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.v22.1.dll

    • Size

      5.0MB

    • MD5

      5c3017ec9073a7a4f3351440c3daaa8a

    • SHA1

      ee1f73f8618439fc8a42f38b32760367bd5ce6b5

    • SHA256

      e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

    • SHA512

      5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

    • SSDEEP

      49152:fJJHcStFUzQUnI8id8LDaWdFH6cvmhHgVYFvFWcp/ldRzaxO0zC96S1qBdFBWhRo:fJJH1gzh9iSLDCHgVYFvFXTda

    Score
    1/10
    behavioral13behavioral14

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.Data.v22.2.dll

    • Size

      5.1MB

    • MD5

      972235bfefa9a46cf8c4f3461546822d

    • SHA1

      1207b99cf9c961d756607567b321a2e3da0fa4bf

    • SHA256

      02653d88be212ba3753ee8e87c13159a2ce48250c6c7a05f21091924eb6953d2

    • SHA512

      ad22e1a84ae11e132463b20453c0d482591cbfc923251c802a7ae4693f0475a043d1f03f411ecdcab015dd99914e63a1f9736680d91e6825bb4b53c0d30bcd03

    • SSDEEP

      98304:ZynaqG9bqBpIyn5f+byY7OCognQtqJnnC/wnnLs0mV52GFi8ajXXREyicBhydxbq:HXREyicBhsE

    Score
    1/10
    behavioral15behavioral16

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/DevExpress.DataAccess.v22.2.UI.dll

    • Size

      1.1MB

    • MD5

      58d916af93509dd6242bb1a8480f1411

    • SHA1

      6c9be26a8b77c90df8b056828e2f0748e83fdb12

    • SHA256

      f8a4f0ce3e38e1e750ce84231423600dbda276ba561f1a3bfc0ca142c7bc502a

    • SHA512

      8be93d1131efed14fc3d1e788aeb639d2077cd8d664c269e4dd56836cda765bb663c67d6c17bbfb2262d9cd0041c5d2dddb6f27380b1f52e040db30bc8739a6d

    • SSDEEP

      12288:+1Bih715T8HAPj4LrUM+iTzbMUe7B+VBBDgipnI7fbPg2yEqWCpWw:Eih1Pj4H/FwjLeKqWvw

    Score
    1/10
    behavioral17behavioral18

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Helper/RegistryKeyHelper.cs

    • Size

      3KB

    • MD5

      e899b2e55a077821b065d7c37b69be73

    • SHA1

      576b724dac36426c45e8fbc185c3defb6fd8da5b

    • SHA256

      43e55b01c8ab6f7076e0846daf9f2174bd1ec1f2c49df862ed093b94c71cd80f

    • SHA512

      ee3a81eaacc5d321e68f15935dcacb1552afe8955cf0230ae9bf5eba8450b2079263968dd70bdee5d68c1bd617060cabdbeca619ecce281f3f0b6bb7fca9a6d3

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Helper/RegistrySeeker.cs

    • Size

      4KB

    • MD5

      371e883334ed081f5460aa48ae81b008

    • SHA1

      c066a4d4b60bf8f09795e642cda63d3b55b83a6d

    • SHA256

      2c4428d31b57758446407ce3d0dcb3c9b45578f9f3c0eace03d3e85572deb9c7

    • SHA512

      eb7e3c65d7610977b6042be8728fab91132e823c2e4ac2fddb1963c9c07c0c18e3b97e7d8e12f0601db3a1ca2548d6cb49b513e30c1105e83dbf9987ee7f8deb

    • SSDEEP

      96:Co4s1yywfRFSnBrJ/FGjUU+W/BfrjiybIVXsYed8QngXZMkgLasSedSQSgSZ0mLK:Yy0ZErJtGjIW/BfrjigtjbgpMkgz1VfX

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Helper/RegistryValueLstItem.cs

    • Size

      1KB

    • MD5

      93ecf2ea2be1b8c42bde29af788a3c19

    • SHA1

      4dcf98304df2e7090a9e99be30e5d1104d35bfd8

    • SHA256

      5b6232cb07d873994b186eb29c2a671c4574d85fb741eb3425edc8b95947bcad

    • SHA512

      b3d35d91131e9f1150a8bc08a9df00d0baa2517b390d247553521b0f90d5df5c91e5098fc010e3d86c707fd1b4a58734cc8c4e159f70e68311070dbd57ff0f8d

    Score
    1/10
    behavioral23behavioral24

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Helper/TelegramNotify.cs

    • Size

      561B

    • MD5

      e8f7ac632a0e55aaf483454657f9ed94

    • SHA1

      1df19ca081b342596810e916d17109c682ba8e1f

    • SHA256

      7743c6e53e9201b9014d7b7302e258f2cc2421c440c43f2b2c40f51f9a1bea5f

    • SHA512

      b1174a888d8b7dea247db39f1a68a02a1bd4543dc60fb65f432b4d5eda8c7d22df04dab098ff06fc7051b031ac20115a618f51c043a940337843bddb0583e28f

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Helper/WordTextBox.cs

    • Size

      3KB

    • MD5

      d3acf77b98823554278215a70884c0aa

    • SHA1

      8b3b45cb6dfdc481dc17c1881c754a8ddd661a89

    • SHA256

      d7abef2dbac887746e25eb6fc298bb8514fd41b0db9702023c00269751047c5e

    • SHA512

      b40ba3cd039f8445adcf7f912e1892ff795d8ca47443e9359a156ef6c885f99b07e0e41e3b091cf9b982ad44af27c35f75c8660093fb51c63bfae8cf0646d0d7

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Params/KeylogParams.cs

    • Size

      1KB

    • MD5

      387028585bc46163e05dfef0d12b8c2b

    • SHA1

      1e2435782ceb9f424e8076415f43b79adcdb3ad5

    • SHA256

      8fbcb22c04c822ca8fdfcfc73530ee86bbdfb3409296e5b7fde2335d49260dcb

    • SHA512

      29e5ff340380acdbedfa867ecddd026f4fb22d2d7926a8ca00220edbc2c22f03c4308428c456f5f60e047e89412e3a2b6ecf0c5dc54ab34496d71630e0c79c5c

    Score
    1/10
    behavioral29behavioral30

    • Target

      VenomRAT v6.0.3 (+SOURCE)/VenomRAT v6.0.3 (SOURCE)/Source Code/Properties/Settings.cs

    • Size

      6KB

    • MD5

      d5537d6b1c7a3c41fd9a8f1401155de3

    • SHA1

      a8f7f2932c7426c22a7f93df6a3379319183a084

    • SHA256

      2b470ad54977b5667857f20bf06f70a5f0b725290546facbb02027d5f46bec40

    • SHA512

      503cd607052ddb314fdcc1d828e54dfdb8b46fcfb7132099ef7a5cc7daebb48aece82d850c4f6cd64c92a0cb20fa9d10be730d15ac481d9fbeec4f54e6344af0

    • SSDEEP

      192:VGG6gZ060rAlJZltDlN7lRFljwld8l5DlR1lbfAlLGlfXlTGeMpllWlMD1llllGb:VGG6gN0rIJvtRNJR7jYd05RRLbfILWfz

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

ratdefaultasyncratstormkitty
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

asyncratdefaultrat
Score
10/10

behavioral4

asyncratdefaultrat
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10