Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09-10-2024 20:56
General
-
Target
Client.exe
-
Size
74KB
-
MD5
f9519b6edbaf7635041a254c85af2597
-
SHA1
0888c02a548c52d798b463d83851dd4cc34507b3
-
SHA256
1ea5471443a6074ebacb85e46b76dc06601e233baa29b44eff6b127e007b12c7
-
SHA512
bdfc704c634c44dfcb6d485eeeff8146435dcf500dce5188536410859aed2d7e2c426aa79784523fbc486151706178c9bddd0a552ddce810271cdf6b5892e468
-
SSDEEP
1536:2UXNwcxKHXwzCtmPMV2e9VdQuDI6H1bf/QRIYQzcqLVclN:2UXicxK8WmPMV2e9VdQsH1bfOLQbBY
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
Default
Mutex
huakilfgwvmjg
Attributes
-
c2_url_file
https://paste.ee/r/vqBOJ/0
-
delay
1
-
install
false
-
install_file
system.exe
-
install_folder
%AppData%
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
VenomRAT 1 IoCs
Detects VenomRAT.
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Client.exe"C:\Users\Admin\AppData\Local\Temp\Client.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
96KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
10.8MB