Overview

overview

10

Static

static

10

venomrat client 2.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    892s
  • max time network
    900s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13/01/2025, 18:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    venomrat client 2.exe

  • Size

    74KB

  • MD5

    ef308071b3c1aaf3a506d3b8bde91262

  • SHA1

    d94528a753ad2d7eb5562bf29923781713f1b2fd

  • SHA256

    b8255d23725e9094fcdfa49602eedaa72062a69bb3b839334e15a22f39e331ef

  • SHA512

    e5a20ab076f69643eda6eef88d114a96930b7d28bfa352adad08d72bb2619a6650a3af0a5a26a0b15e3ba3c8b5ae50e989a7f0077c5f8c1731397a1e6a859190

  • SSDEEP

    1536:7Uokcx4VHsC0SPMVIGmgfbYITH1b3/PvQzcyLVclN:7Ulcx4GfSPMVlmgfZH1b3XvQjBY

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:13648

3.67.62.142:4449

3.67.62.142:13648

192.168.132.1:4449

192.168.132.1:13648
Mutex

pqtqeocqbgg

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\venomrat client 2.exe
    "C:\Users\Admin\AppData\Local\Temp\venomrat client 2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4092-0-0x00007FF912A73000-0x00007FF912A75000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4092-1-0x0000000000BA0000-0x0000000000BB8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4092-3-0x00007FF912A70000-0x00007FF913532000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4092-4-0x00007FF912A70000-0x00007FF913532000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4092-5-0x00007FF912A73000-0x00007FF912A75000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4092-6-0x00007FF912A70000-0x00007FF913532000-memory.dmp

    Filesize

    10.8MB

    Download