Overview

overview

10

Static

static

10

GMAIL/Gmail.exe

windows11-21h2-x64

3

GMAIL/Leaf.xNet.js

windows11-21h2-x64

3

Instagram VM.exe

windows11-21h2-x64

6

Randome/La...p_.rar

windows11-21h2-x64

3

LazyAIO/LazyAIO.exe

windows11-21h2-x64

7

Randome/Minecraft.rar

windows11-21h2-x64

3

Minecraft/...ft.exe

windows11-21h2-x64

4

VenomRAT v...nt.exe

windows11-21h2-x64

10

Resubmissions

27-09-2024 20:25

240927-y7q63azgkh 10

27-09-2024 20:17

240927-y2m78axelm 10

Analysis

  • max time kernel
    386s
  • max time network
    407s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-09-2024 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT v6.0.3_p_/Client.exe

  • Size

    73KB

  • MD5

    5d6802a39c1bea84e1bd3e6ba23b7bbb

  • SHA1

    17b6040dcd0dc6c0cf794b6d95ed4da0f07ef0b9

  • SHA256

    d1fd56cb9943f5b185c8ee52a34f7ea4d34c5091f77ea18138f1d13a8951dd5e

  • SHA512

    55df1ab721022d363b6d454ab496b7cc542702edda0525037cc8f0c33a1d93bc50ed62be8d4b95ba1248d7fee5b806d599ddce5e3ff6a9d4464e3047a0ee799d

  • SSDEEP

    1536:LUUPcxVteCW7PMVee9VdQkhDIyH1bf/mc6QzcajVclNw:LUmcxV4x7PMVee9VdQgH1bfd6QLJY+

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

93.82.44.26:4040

Mutex

nheplizwdi

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Client.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Client.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:6020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/6020-1-0x0000000000FF0000-0x0000000001006000-memory.dmp

    Filesize

    88KB

    Download

  • memory/6020-0-0x00007FFA97193000-0x00007FFA97195000-memory.dmp

    Filesize

    8KB

    Download

  • memory/6020-3-0x00007FFA97190000-0x00007FFA97C52000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/6020-4-0x00007FFA97190000-0x00007FFA97C52000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/6020-5-0x00007FFA97193000-0x00007FFA97195000-memory.dmp

    Filesize

    8KB

    Download

  • memory/6020-6-0x00007FFA97190000-0x00007FFA97C52000-memory.dmp

    Filesize

    10.8MB

    Download