asyncrat | b4acfbc4174469c9aff54043442223afe559dab84954e4b51b64756fe2b045ac

Resubmissions

27-09-2024 20:25

240927-y7q63azgkh 10

27-09-2024 20:17

240927-y2m78axelm 10

Analysis

max time kernel
83s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-09-2024 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VenomRAT v6.0.3_p_/Venom RAT_p_.exe
Size

14.2MB
MD5

fb902fb0843e4f12d068b3bcd08b2e77
SHA1

96038a62a3ea6da4f11981f80ce4961ff50fbe4d
SHA256

2743f6791b5a525252a3e138d05ecda170d0fa758e1616cf96335648c572f068
SHA512

2c188572aadc906c6971ec13f0ae7b9f79c6a88a2fd34add00ee1b2d74f14cf895a86d2ba47036a1b1e7c8e00cd5adb0387baaea7fd5e5f93feaed98bb1dc6f6
SSDEEP

196608:Wja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS1w:TT+P+Zw6NLIsFfskh1BmXG0w

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious behavior: EnumeratesProcesses 25 IoCs

Processes:

Venom RAT_p_.exe

pid	process
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe
3480	Venom RAT_p_.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Venom RAT_p_.exe

pid process

3480 Venom RAT_p_.exe
3480 Venom RAT_p_.exe

C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom RAT_p_.exe
"C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom RAT_p_.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3480

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3480-0-0x00007FFFAA273000-0x00007FFFAA275000-memory.dmp

Filesize
8KB

Download
memory/3480-1-0x000002A6F3E10000-0x000002A6F4C44000-memory.dmp

Filesize
14.2MB

Download
memory/3480-2-0x000002A6F85D0000-0x000002A6F99D4000-memory.dmp

Filesize
20.0MB

Download
memory/3480-3-0x000002A6F76E0000-0x000002A6F7BF2000-memory.dmp

Filesize
5.1MB

Download
memory/3480-4-0x000002A6F7420000-0x000002A6F7672000-memory.dmp

Filesize
2.3MB

Download
memory/3480-5-0x00007FFFAA270000-0x00007FFFAAD32000-memory.dmp

Filesize
10.8MB

Download
memory/3480-7-0x000002A6F73D0000-0x000002A6F7420000-memory.dmp

Filesize
320KB

Download
memory/3480-6-0x000002A6F7E30000-0x000002A6F7F08000-memory.dmp

Filesize
864KB

Download
memory/3480-8-0x000002A6FB200000-0x000002A6FB9BE000-memory.dmp

Filesize
7.7MB

Download
memory/3480-9-0x000002A6FC060000-0x000002A6FC6F2000-memory.dmp

Filesize
6.6MB

Download
memory/3480-10-0x000002A6FB9C0000-0x000002A6FBD5C000-memory.dmp

Filesize
3.6MB

Download
memory/3480-11-0x000002A6FC700000-0x000002A6FCB84000-memory.dmp

Filesize
4.5MB

Download
memory/3480-12-0x000002A6F76A0000-0x000002A6F76C0000-memory.dmp

Filesize
128KB

Download
memory/3480-13-0x00007FFFAA270000-0x00007FFFAAD32000-memory.dmp

Filesize
10.8MB

Download
memory/3480-14-0x000002A6FCB90000-0x000002A6FCDA2000-memory.dmp

Filesize
2.1MB

Download
memory/3480-15-0x00007FFFAA273000-0x00007FFFAA275000-memory.dmp

Filesize
8KB

Download
memory/3480-16-0x00007FFFAA270000-0x00007FFFAAD32000-memory.dmp

Filesize
10.8MB

Download