Overview

overview

10

Static

static

3

d34a8a8a56...2d.exe

windows7-x64

10

d34a8a8a56...2d.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-11-2024 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d34a8a8a5661c308dff6fa997aa1151ee7ed46bfefee20b64e826292a272e42d.exe

  • Size

    136KB

  • MD5

    71166c04e60532bb84fc37b12cbc39c2

  • SHA1

    438f6bc46adc2f500516adfa83668ae0bf48abfd

  • SHA256

    d34a8a8a5661c308dff6fa997aa1151ee7ed46bfefee20b64e826292a272e42d

  • SHA512

    bfbd3b5a909c4a89639c20ac63e3947e5c78f16b05adc8496bcda9ccb6642ac848256c9778c80f8150ecf8138c33ed5c4c1ba391fd20e83427fb4b09e9aa58bd

  • SSDEEP

    3072:seRxy2E/7oh9/Gzyx7XaI/7fI81Z34zikDMSb1BYLWQfv:BkO9/GKX17FZIukD9O3

Score
10/10
asyncratvenomratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

qdjtygkpttzwe

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/w9ciyBd2

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • VenomRAT 2 IoCs

    Detects VenomRAT.

    rat
  • Venomrat family
    venomrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d34a8a8a5661c308dff6fa997aa1151ee7ed46bfefee20b64e826292a272e42d.exe
    "C:\Users\Admin\AppData\Local\Temp\d34a8a8a5661c308dff6fa997aa1151ee7ed46bfefee20b64e826292a272e42d.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Roaming\Client.exe
      "C:\Users\Admin\AppData\Roaming\Client.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2756
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Client.exe
    Filesize

    96KB

    MD5

    8f0807d1ba521c06b793a6717744c4f3

    SHA1

    f5a414ddcbf4a7bcc420912d4a8eb5f414f2ea35

    SHA256

    c40b7d6c8145eb7b3d40d868c72701f21b1390259585e0bfaf0ac4b66b438572

    SHA512

    cacae5105f21d0d5d6b930f8e86c6fd0ed2adcf289e18ad9e34d584bcd757b7beb17ed31cd64ee0514b2b6ed21b68ec0361a7b37c9d063981320c698769ae134

    Download Submit

  • C:\Users\Admin\AppData\Roaming\istockphoto-1212369987-612x612.jpg
    Filesize

    34KB

    MD5

    9e2447961613086a0bfbd34dececd929

    SHA1

    7ef96a9b48f63f94fc91ab0f17b18d4c81c77901

    SHA256

    ee30977c24b9607c07513670e524bdb95fdd89c1c1c4d551666a4b9a64a4a5f8

    SHA512

    379117b6a5b3ce178069ec7e51aca3026168a827685235a6d372e9d5f9b14470e7755bd1b9179c46019273b00dc25fcca807189d62a2414ff0e355457a65a675

    Download Submit

  • memory/2756-14-0x0000000000D10000-0x0000000000D2E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2888-5-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2888-12-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-17-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2904-0-0x0000000074241000-0x0000000074242000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2904-1-0x0000000074240000-0x00000000747EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2904-3-0x0000000074240000-0x00000000747EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2904-4-0x0000000000540000-0x0000000000542000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2904-13-0x0000000074240000-0x00000000747EB000-memory.dmp

    Filesize

    5.7MB

    Download