Overview

overview

10

Static

static

10

Crypted.exe

windows7-x64

10

Crypted.exe

windows10-2004-x64

10

HELL-96SQH...4H.exe

windows7-x64

3

HELL-96SQH...4H.exe

windows10-2004-x64

3

Payload.exe

windows7-x64

10

Payload.exe

windows10-2004-x64

10

Skype.exe

windows7-x64

10

Skype.exe

windows10-2004-x64

10

SpotifyGenerator.exe

windows7-x64

10

SpotifyGenerator.exe

windows10-2004-x64

10

calculate.exe

windows7-x64

3

calculate.exe

windows10-2004-x64

3

services.exe

windows7-x64

10

services.exe

windows10-2004-x64

10

xray.exe

windows7-x64

10

xray.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    services.exe

  • Size

    74KB

  • MD5

    e7ba2c20ff0d6d894b2e342dfbc682da

  • SHA1

    b459862f4e9a5a8ed260f13682691eb19e8620f8

  • SHA256

    4820832a84cc249be6408727b394f68127af853496b2f3ac5702fa07c98af452

  • SHA512

    a8291c5357a81f40e9a01467788fad6e57b7869e065223a8a5fa4ee8b471d7491dc3c6af069fd6a635cee7b3d7f34a2cf18d9563b80a874c714f765985668c36

  • SSDEEP

    1536:X5UdAcxqXPC/2PMVMwGPoIYH1ba/PGHq1yzQzc2LVclN:pUicxqfs2PMV7GP2H1bau8SQPBY

Score
10/10
asyncratvenomratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

ximlxhkxkljothcwg

Attributes
  • c2_url_file

    https://paste.tc/raw/x-88152-88

  • delay

    1

  • install

    false

  • install_file

    services

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • VenomRAT 1 IoCs

    Detects VenomRAT.

    rat
  • Venomrat family
    venomrat
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\services.exe
    "C:\Users\Admin\AppData\Local\Temp\services.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2668-0-0x00007FFA24463000-0x00007FFA24465000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-1-0x0000000000710000-0x0000000000728000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2668-3-0x00007FFA24460000-0x00007FFA24F21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2668-7-0x00007FFA24463000-0x00007FFA24465000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-8-0x00007FFA24460000-0x00007FFA24F21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2668-9-0x000000001DCC0000-0x000000001DD36000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2668-10-0x000000001D3B0000-0x000000001D3C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2668-11-0x000000001DC60000-0x000000001DC7E000-memory.dmp

    Filesize

    120KB

    Download