Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-09-2024 22:36

General

  • Target

    a09035a9cd132dd88ba6d52014dd2c8942e3f87402b9141c5b37161e82344021N.exe

  • Size

    74KB

  • MD5

    db933e797e8b5909d738c98158584ec0

  • SHA1

    1fdf7c41cbaf84038f1ce61ee942d50d323771e3

  • SHA256

    a09035a9cd132dd88ba6d52014dd2c8942e3f87402b9141c5b37161e82344021

  • SHA512

    9bc6df804fcbe2bcf9ce0655cb1e650a685e0cbd642c5c7a89b2225921d7db98ca2dd9aa3d7f97ea09f2925636d4682b8883c9802d2baec2a841b4c6d553fc2c

  • SSDEEP

    1536:gUUPcxVteCW7PMV4Tr7CBISH1b8/ZKOXQzcyLVclN:gUmcxV4x7PMVJ9H1b8xKyQjBY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

172.94.18.237:4449

172.94.18.237:4444

Mutex

mocydqmpakphke

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

  • VenomRAT 1 IoCs

    Detects VenomRAT.

  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a09035a9cd132dd88ba6d52014dd2c8942e3f87402b9141c5b37161e82344021N.exe
    "C:\Users\Admin\AppData\Local\Temp\a09035a9cd132dd88ba6d52014dd2c8942e3f87402b9141c5b37161e82344021N.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/840-0-0x000007FEF6443000-0x000007FEF6444000-memory.dmp

    Filesize

    4KB

  • memory/840-1-0x0000000000300000-0x0000000000318000-memory.dmp

    Filesize

    96KB

  • memory/840-3-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

    Filesize

    9.9MB

  • memory/840-4-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

    Filesize

    9.9MB

  • memory/840-5-0x000007FEF6443000-0x000007FEF6444000-memory.dmp

    Filesize

    4KB

  • memory/840-6-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

    Filesize

    9.9MB

  • memory/840-7-0x000007FEF6440000-0x000007FEF6E2C000-memory.dmp

    Filesize

    9.9MB