Analysis
max time kernel: 146s
max time network: 150s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09-10-2024 20:20
Behavioral task: behavioral1
Sample: venomrat.exe
Resource: win7-20240903-en (windows7-x64)
5 signatures
150 seconds
General
Target: venomrat.exe
Size: 74KB
MD5: 97d38e8fc62403858ed77ea4dcc8d5d3
SHA1: 3e04032392cdbd91b0e1f59b6ad472c68788ea8a
SHA256: a08dacbe24961799a348ccb18adb5d56f34059136fba358fa432cacfec6c4595
SHA512: 17c1cea8aafb5ff6cb650c4a4acd89c83a6a1398e69f04460d063b850f4fbdaf3d45acac8c93446d8fd157e32683b3e7679c5d5e7201c192bbe91911be410407
SSDEEP: 1536:iUNccxRFxCSjPMVkqDzIlH1bm/mSJgQzciLVclN:iUOcxR39jPMVXDwH1bmP2QzBY
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 10.9.178.70:40937
Mutex: bkyazmbfokxc
Attributes
  delay: 1
  install: false
  install_file: memee
  install_folder: %AppData%
aes.plain
Signatures

Processes:
  resource                                                                     yara_rule
  behavioral1/memory/1900-1-0x0000000000180000-0x0000000000198000-memory.dmp   VenomRAT

Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  pid    process
  1900   venomrat.exe
  1900   venomrat.exe
  1900   venomrat.exe
  1900   venomrat.exe
  1900   venomrat.exe
  1900   venomrat.exe
  1900   venomrat.exe
  1900   venomrat.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description               pid    process
  Token: SeDebugPrivilege   1900   venomrat.exe

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid    process
  1900   venomrat.exe