asyncrat | 46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9

Resubmissions

01-11-2024 19:21

241101-x2x7rasncw 10

01-11-2024 19:17

241101-xznwaswjej 10

01-11-2024 02:08

241101-ckp5latpgs 10

Analysis

max time kernel
53s
max time network
39s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-11-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VenomRAT.v6.0.3.+SOURCE.7z
Size

73.7MB
MD5

29c6c293c6723135cbe7b5d0fc3a3d20
SHA1

17219c8998c1afa1bd7061276958e9ed54cbb393
SHA256

46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9
SHA512

d6833432820b6eb2828ffd88a3028f3b3b014176db76330ce5c3af5eeb80aac1d9816d81dfdaa11a972e59ed144551d60c1cf4b0568e5cc7dedcb6df033c12e1
SSDEEP

1572864:4VI5gzIBQ4OZRbwhtq81vZ8KCNsuYk+8327i8Nd5Sr5:KIeIa4Atotq87BCyuz+BOKe5

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Executes dropped EXE 1 IoCs

pid	Process
3744	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3640	7zFM.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3640	7zFM.exe
Token: 35	3640	7zFM.exe
Token: SeSecurityPrivilege	3640	7zFM.exe
Token: SeDebugPrivilege	3744	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3640	7zFM.exe
3640	7zFM.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3744	Venom RAT + HVNC + Stealer + Grabber.exe
3744	Venom RAT + HVNC + Stealer + Grabber.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\VenomRAT.v6.0.3.+SOURCE.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4396

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3744

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zE83E741E7\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config

Filesize
3KB

MD5
a1c2a2870001b66db41bcb020bff1c2d

SHA1
8c54c6a3564c8892aa9baa15573682e64f3659d9

SHA256
0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5

SHA512
b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll

Filesize
838KB

MD5
e59c802bbbc1ebc554f3f7b6a3259ee1

SHA1
fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

SHA256
d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

SHA512
34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll

Filesize
5.0MB

MD5
5c3017ec9073a7a4f3351440c3daaa8a

SHA1
ee1f73f8618439fc8a42f38b32760367bd5ce6b5

SHA256
e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

SHA512
5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Drawing.v22.1.dll

Filesize
291KB

MD5
cb877cd3b77a37f8e279fe7dc6b4ba6a

SHA1
a03989c1144a57e9088daa40f829a49298135b03

SHA256
bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930

SHA512
8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Printing.v22.1.Core.dll

Filesize
4.5MB

MD5
9ec835a4e269f978eeefd7fd8bd5abb0

SHA1
e36a07167bd83d713703a84f3c2c2b8f86cd38f5

SHA256
e4d60cac9cacde3cab841854b4c5348df89a4e4027b62de09184a3ddbb81a5a0

SHA512
2a72b3615215b94d1b7fce3c9ff28042c4c02ec655e3fdc42008217979b65f39fff9cb75a35ac1426a78aa2f8c0c00354369cdb5b5df155efcde8651878de4d9

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Utils.v22.1.dll

Filesize
20.0MB

MD5
07adc748684fd33a198f2dc6eea12666

SHA1
28f62a05673447a3a347aa6a01ae8cd518126956

SHA256
50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093

SHA512
893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraBars.v22.1.dll

Filesize
6.5MB

MD5
8f335dc88eb706a7b50f45a3fd308dee

SHA1
1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd

SHA256
3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac

SHA512
0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraEditors.v22.1.dll

Filesize
7.7MB

MD5
9a4fa4e33d64f44451fc4223a5616355

SHA1
124caceb4e82537403a4b5e9b21487c369b69559

SHA256
fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5

SHA512
869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraGrid.v22.1.dll

Filesize
3.6MB

MD5
8478f5aa3de612bd2cf5e9356688d0f3

SHA1
84103d2abee8976dcaac172bcb9e064dfd06a890

SHA256
ae22e7bebe5c4b59363c5980940c64608d1a35c6b5026e0e088605132187c8da

SHA512
d0f3cbf8144c733266e05b2513603f5b44bf6fa359bbff86c3d437e022ef1d6451ce7b3f335d116438346aeb3d93bc5a82a6a548a7b1795f72991112abe6750f

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraLayout.v22.1.dll

Filesize
2.0MB

MD5
45d8d7bd5e30d8b5da44f6a60e331c87

SHA1
301d5dc4a8a1141234559df872ce219c1c7efccb

SHA256
e6e670bf76dc46e959f74b09d3c6e614b2121975456b00041e32bd7f5001253f

SHA512
23b303f287e0b77d221e8cd24cf2933d4976e9b61dfc9bd03c9f365d44988a0a7ce2e81366466dcdff981931099964ebc04293de2de039e0322eed9ac911291b

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\MessagePackLib.dll

Filesize
16KB

MD5
06247396be54c6ebb06fd6ca84ee80cc

SHA1
51fb23ff498a47c0be900ae43a7030f98794eb59

SHA256
669e42b6c6e94dc2735f281aa5b33c0d398b91960158ec556e521974b3be5843

SHA512
03d93f22aaf1bc0dc4d26b130aa1cb1668c14b854ff84803c8b2cc74625cda44970dd5be1b17865986eabb6966a7d65c226282becfd7963b72b8035990ffc299

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

Filesize
14.2MB

MD5
3b3a304c6fc7a3a1d9390d7cbff56634

SHA1
e8bd5244e6362968f5017680da33f1e90ae63dd7

SHA256
7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

SHA512
7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\VenomServer.p12

Filesize
1KB

MD5
65efef16af8b2bb993e24ca1fdb3f3a7

SHA1
e205dcc888582eb51d0ee9690d37a7b75138f715

SHA256
c40f74c79715de4c5265dffd643d7bd5dda2caa09ca84e620bc78f7d27df51fc

SHA512
29581484c44849ccd0ad9bd2c9058fc56f3589019baf4b833a5fc8ceea0e488a357639c92cbaf977f74d5f2d59abb2b8ee7a607cdc67c6c14592b4bd9c3a5215

Download Submit
C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
memory/3744-561-0x0000014982820000-0x0000014982FDE000-memory.dmp

Filesize
7.7MB

Download
memory/3744-568-0x0000014980000000-0x0000014980020000-memory.dmp

Filesize
128KB

Download
memory/3744-556-0x00000149800E0000-0x00000149801B8000-memory.dmp

Filesize
864KB

Download
memory/3744-558-0x0000014980050000-0x00000149800A0000-memory.dmp

Filesize
320KB

Download
memory/3744-554-0x0000014980260000-0x00000149804B2000-memory.dmp

Filesize
2.3MB

Download
memory/3744-563-0x0000014982FE0000-0x0000014983672000-memory.dmp

Filesize
6.6MB

Download
memory/3744-552-0x0000014980520000-0x0000014980A32000-memory.dmp

Filesize
5.1MB

Download
memory/3744-565-0x0000014980DE0000-0x000001498117C000-memory.dmp

Filesize
3.6MB

Download
memory/3744-567-0x0000014983B10000-0x0000014983F94000-memory.dmp

Filesize
4.5MB

Download
memory/3744-559-0x00007FFEEBF70000-0x00007FFEECA32000-memory.dmp

Filesize
10.8MB

Download
memory/3744-570-0x0000014981180000-0x0000014981392000-memory.dmp

Filesize
2.1MB

Download
memory/3744-550-0x0000014981410000-0x0000014982814000-memory.dmp

Filesize
20.0MB

Download
memory/3744-571-0x0000014980AF0000-0x0000014980B9A000-memory.dmp

Filesize
680KB

Download
memory/3744-572-0x00007FFEEBF73000-0x00007FFEEBF75000-memory.dmp

Filesize
8KB

Download
memory/3744-548-0x000001497F170000-0x000001497FFA4000-memory.dmp

Filesize
14.2MB

Download
memory/3744-577-0x000001497FFC0000-0x000001497FFCA000-memory.dmp

Filesize
40KB

Download
memory/3744-547-0x00007FFEEBF73000-0x00007FFEEBF75000-memory.dmp

Filesize
8KB

Download
memory/3744-578-0x00007FFEEBF70000-0x00007FFEECA32000-memory.dmp

Filesize
10.8MB

Download