Analysis
max time kernel: 146s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-10-2024 20:20
Behavioral task: behavioral1
Sample: venomrat.exe
Resource: win7-20240903-en (windows7-x64)
5 signatures, 150 seconds

Note: the Analysis header above describes the windows10-2004_x64 run, and the YARA memory match listed under Signatures names a behavioral2 dump, so the signature detail below belongs to the Windows 10 task rather than to this behavioral1 card.
General
Target: venomrat.exe
Size: 74KB
MD5: 97d38e8fc62403858ed77ea4dcc8d5d3
SHA1: 3e04032392cdbd91b0e1f59b6ad472c68788ea8a
SHA256: a08dacbe24961799a348ccb18adb5d56f34059136fba358fa432cacfec6c4595
SHA512: 17c1cea8aafb5ff6cb650c4a4acd89c83a6a1398e69f04460d063b850f4fbdaf3d45acac8c93446d8fd157e32683b3e7679c5d5e7201c192bbe91911be410407
SSDEEP: 1536:iUNccxRFxCSjPMVkqDzIlH1bm/mSJgQzciLVclN:iUOcxR39jPMVXDwH1bmP2QzBY
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 10.9.178.70:40937
Mutex: bkyazmbfokxc
Attributes
  delay: 1
  install: false
  install_file: memee
  install_folder: %AppData%
aes.plain

The config was recovered by the AsyncRAT extractor; the version string identifies the VenomRAT fork. Two points matter for hunting: the C2 address is an RFC 1918 private address, so the network indicator is only meaningful inside the network the sample was built for, and install is false, so the sample is not expected to copy itself to %AppData%\memee even though the install_file and install_folder fields are populated.
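To show how the extracted fields above turn into something an analyst can hunt with, the following is an added example (not part of the report and not the sandbox's own extractor). It parses the config lines as they appear on the page, derives the C2 host/port, mutex and would-be install path, and checks them against a handful of constructed telemetry records; the event shapes, the pid values and the benign chrome.exe connect are all assumptions made up for the example.

```python
"""Turn the extracted VenomRAT/AsyncRAT config into indicators and match them."""
from typing import Dict, List, Tuple

# Key/value lines copied from the report's Malware Config section (aes.plain
# omitted because its value is not shown on the page).
CONFIG_TEXT = """\
Family asyncrat
Version Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet Default
C2 10.9.178.70:40937
Mutex bkyazmbfokxc
delay 1
install false
install_file memee
install_folder %AppData%
"""


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'key value' lines; the value keeps any embedded spaces."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        cfg[key.lower()] = value.strip()
    return cfg


def derive_iocs(cfg: Dict[str, str]) -> dict:
    """Pull the hunt-able fields out of the parsed config."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        # install=false: the sample is not expected to copy itself, but the
        # name it would use is still worth a file-system hunt.
        "install_expected": cfg.get("install", "false").lower() == "true",
        "install_path": cfg["install_folder"].rstrip("\\") + "\\" + cfg["install_file"],
        "reconnect_delay_s": int(cfg.get("delay", "0")),
    }


# Constructed telemetry records (not from the report's trace): an EDR-style
# network connect, a mutex creation from an API trace, a benign connect that
# must not match, and a file write at the would-be install path.
EVENTS: List[dict] = [
    {"type": "network", "pid": 4088, "image": "venomrat.exe",
     "dst_ip": "10.9.178.70", "dst_port": 40937},
    {"type": "mutex", "pid": 4088, "image": "venomrat.exe",
     "name": "\\Sessions\\1\\BaseNamedObjects\\bkyazmbfokxc"},
    {"type": "network", "pid": 1234, "image": "chrome.exe",
     "dst_ip": "142.250.74.46", "dst_port": 443},
    {"type": "file", "pid": 4088, "image": "venomrat.exe",
     "path": "C:\\Users\\user\\AppData\\Roaming\\memee"},
]


def match_events(events: List[dict], iocs: dict) -> List[Tuple[int, str]]:
    """Return (pid, indicator) pairs for every event that hits an IoC."""
    hits: List[Tuple[int, str]] = []
    # %AppData% expands to <profile>\AppData\Roaming, so compare path suffixes.
    install_suffix = iocs["install_path"].replace("%AppData%", "AppData\\Roaming").lower()
    for ev in events:
        if ev["type"] == "network":
            if ev["dst_ip"] == iocs["c2_host"] and ev["dst_port"] == iocs["c2_port"]:
                hits.append((ev["pid"], "c2_connect"))
        elif ev["type"] == "mutex":
            # Object-manager paths carry the session prefix; compare the leaf name.
            if ev["name"].rsplit("\\", 1)[-1] == iocs["mutex"]:
                hits.append((ev["pid"], "mutex"))
        elif ev["type"] == "file":
            if ev["path"].lower().endswith(install_suffix):
                hits.append((ev["pid"], "install_file"))
    return hits


if __name__ == "__main__":
    iocs = derive_iocs(parse_config(CONFIG_TEXT))
    for pid, what in match_events(EVENTS, iocs):
        print(f"pid {pid}: {what}")
```

The file-path match fires even though install is false; that is deliberate, since a write to the configured install name would mean the sample behaved differently from its config and is worth a look rather than a suppression.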
Signatures

YARA rule match (memory)
  resource                                                                        yara_rule
  behavioral2/memory/4088-1-0x0000000000E50000-0x0000000000E68000-memory.dmp     VenomRAT

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid    process
  4088   venomrat.exe   (all 8 IoCs are this process)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description               pid    process
  Token: SeDebugPrivilege   4088   venomrat.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid    process
  4088   venomrat.exe
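The three behavioral signatures come from the sandbox's API trace. Two of them can be approximated from host telemetry: enabling SeDebugPrivilege is recorded by Windows Security event 4703 ("A token right was adjusted", under the Audit Token Right Adjusted subcategory), and process enumeration followed by handle opens shows up as a burst of Sysmon event 10 (ProcessAccess) records from one source pid. SetWindowsHookEx has no native event and is left out. The following added example (not code from the report or the sandbox vendor) correlates the two: a process that enables SeDebugPrivilege is flagged if it then opens many distinct processes or if it runs from outside the Windows system directories, which keeps the noisy svchost/lsass 4703 events quiet. The records, pids and threshold are constructed assumptions.

```python
"""Correlate SeDebugPrivilege enablement with process-access fan-out."""
from collections import defaultdict
from typing import Dict, List, Set

# Constructed records modelled on Security event 4703 and Sysmon event 10.
# They are not taken from the report; pid 4088 is reused only to mirror the
# sandbox's process id, and the target pids/images are invented.
EVENTS: List[dict] = [
    {"event_id": 4703, "pid": 4088,
     "image": "C:\\Users\\user\\Desktop\\venomrat.exe",
     "enabled": ["SeDebugPrivilege"], "disabled": []},
    {"event_id": 10, "source_pid": 4088, "target_pid": 4,
     "target_image": "System", "granted_access": "0x1000"},
    {"event_id": 10, "source_pid": 4088, "target_pid": 620,
     "target_image": "C:\\Windows\\System32\\lsass.exe", "granted_access": "0x1000"},
    {"event_id": 10, "source_pid": 4088, "target_pid": 784,
     "target_image": "C:\\Windows\\System32\\svchost.exe", "granted_access": "0x1000"},
    {"event_id": 10, "source_pid": 4088, "target_pid": 1100,
     "target_image": "C:\\Windows\\explorer.exe", "granted_access": "0x1000"},
    {"event_id": 10, "source_pid": 4088, "target_pid": 1234,
     "target_image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "granted_access": "0x1000"},
    # A system service that enables SeDebugPrivilege but opens nothing: noise.
    {"event_id": 4703, "pid": 1500,
     "image": "C:\\Windows\\System32\\svchost.exe",
     "enabled": ["SeDebugPrivilege"], "disabled": []},
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def correlate(events: List[dict], min_targets: int = 5) -> List[dict]:
    """Alert on processes that enabled SeDebugPrivilege and then opened
    at least min_targets distinct processes, or that did so from an image
    outside the Windows system directories."""
    debug_enabled: Dict[int, str] = {}
    targets: Dict[int, Set[int]] = defaultdict(set)
    for ev in events:
        if ev["event_id"] == 4703 and "SeDebugPrivilege" in ev["enabled"]:
            debug_enabled[ev["pid"]] = ev["image"]
        elif ev["event_id"] == 10:
            targets[ev["source_pid"]].add(ev["target_pid"])

    alerts: List[dict] = []
    for pid, image in debug_enabled.items():
        reasons: List[str] = []
        fanout = len(targets.get(pid, ()))
        if fanout >= min_targets:
            reasons.append(f"opened {fanout} distinct processes after SeDebugPrivilege")
        if not image.lower().startswith(SYSTEM_DIRS):
            reasons.append("SeDebugPrivilege enabled by image outside system directories")
        if reasons:
            alerts.append({"pid": pid, "image": image,
                           "distinct_targets": fanout, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert["pid"], alert["image"], "; ".join(alert["reasons"]))
```

The 4703 audit subcategory is off by default and is high volume once enabled, so in practice the fan-out rule does most of the work; the system-directory check is only a cheap second signal and is trivially bypassed by a sample dropped into System32, which is why both reasons are reported separately.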