General

  • Target

    VenomClient.rar

  • Size

    183KB

  • Sample

    241223-xtklpaxrew

  • MD5

    cbc77b0e97fa86a07b627217f6f3a3bb

  • SHA1

    f8f7ee3e9e49d374ccb553fc152769aa32d3b6ba

  • SHA256

    1c06c3a8b59c5fbe1ffa91f8bc75191fffc8e0f0281ee4ca7899e20e3b6abfb6

  • SHA512

    cbe823df5f13e8ed31708f36af382bc66192e7fe8c487163e226ce024ecdca3029d35570a0cc67c10a8b2cfcf4c12b1ce90a278fe30d3ef1620e96406fe9565a

  • SSDEEP

    3072:jiNcrhOQ5iPkI6jIaVZBjBONAzXhtIz0h3tBbctY4Pm94HS6cNS6q9qEoWjE:nrhOQgPkI6TVDj0NAJd+67OHS6c03qVx

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT + HVNC + Stealer + Grabber v6.0.3

  • Botnet

    Default

  • Mutex

    wgzvrzpksxgiaglrvq

Attributes
  • c2_url_file

    https://paste.ee/r/Wp7LQ/0

  • delay

    1

  • install

    true

  • install_file

    System.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Venom Client/Venom.exe

    • Size

      74KB

    • MD5

      c745590f5b7590f217bb204d27e91a00

    • SHA1

      9d60ffc369b1fbdae8549b859729f47477658ddd

    • SHA256

      dfb98932671339fb633c74180dba3810d9382e56618d75b3f67ae2ba3206aa1d

    • SHA512

      5c6082eb180abeceda71ac259f9fef4bd90b47e3d2adf05280f7e0a3e3b6bed1508a0e09d6f5bcbcc7bfa868b0fc2fd9ff00dab7121baa778e575eed32dddaf3

    • SSDEEP

      1536:ZUNwcxbUTCrmPMVIEh3kLuaIsH1bTc6yOQzc2LVclN:ZUicxbgwmPMVffAH1bTVQPBY

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Venom Client/freeglut.dll

    • Size

      239KB

    • MD5

      8fc8ac1ca784ea5cd3e22a1237f577d7

    • SHA1

      876d0a02f40d61e1549148bf4a9b94f5c57b8d91

    • SHA256

      c4e38871e266cafc2fd5b27e898aeba1b5beeb3f872dd0022266c7cf8273ce3f

    • SHA512

      86ee2454ebed55929aecdd05ba0af9b1097dd1c715c024cab6e390c4d20844ef3dbdf8bbe63f6eb808914d572037baba3fbd5474ece5c6be8601545044f3b698

    • SSDEEP

      3072:GxDR8PHEIeiMhUVuCW6zGcD20ZRGKhnR5ePR6W:yW37MhUly0zRgP8

    • Score

      1/10

    • Target

      Venom Client/venomsba.dll

    • Size

      158KB

    • MD5

      51c3d268363828433f676cf8736dd980

    • SHA1

      ea01f0407772e66c9e15f257da7e9aa5d27709d8

    • SHA256

      6eadfc38c75bc9ae115937ac11551b1008d8705e44d9e07782d01457cfa3ed7e

    • SHA512

      18dc66f09faf3b2c9d3138ff147d1692beab6f8a2c8f18c17b0fbac32f4b18aa5aab1ed778c550e80e2fcfca471f054b353d4f6f255de7cc972929f272e02f0a

    • SSDEEP

      3072:y7cuMD9n6VxU43BpgZnJ41SqyZUy1QF7TjZ:y7cP6VxTRG1q1PrZ

    • Score

      1/10

MITRE ATT&CK Enterprise v15