Extracted

Extracted

• • Target

    VenomRAT-V5.6-HVNC (1).rar

  • Size

    44.7MB

  • MD5

    3359e400772b429af1a1c5b2f06ad301

  • SHA1

    bdedb4c410ba58392feefcda17ec18c9ec5e45db

  • SHA256

    b460cb71a7c6a0ef8f1f92dc52c237a41a783fa5d2925362eb0ab3db51420e71

  • SHA512

    63f5c3a773dc4d3ff44aef6b318e1e23c3befecf3a1263f4f45c132c487dae8fe9f0a2512a3699ae70c8b602ca83e672be8b18b0f9be60693c600a70b08f2f4a

  • SSDEEP

    786432:G42E0fcdbuf9QZZEdyvV554KDYKiQ7mKv9Ewf91HZOrck8+xUhJZkwhNc:GbE0fk6FkZEdKV5i2BiQKaEwHHZIAJZK

  Score

  10^/10

  asyncratquasarv15.4.1 | venomvenom clientsdefense_evasiondiscoveryransomwareratspywaretrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Async RAT payload

    rat

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Indicator Removal: Clear Windows Event Logs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion

  • Loads dropped DLL

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2