Overview

overview

10

Static

static

10

Venom RAT ...er.exe

windows11-21h2-x64

10

Resubmissions

06-02-2025 14:12

250206-rh1kwaypdk 10

27-01-2025 23:39

250127-3ndh3szje1 10

27-01-2025 23:31

250127-3hqapayrby 10

27-01-2025 23:17

250127-29nqhayngz 10

Analysis

  • max time kernel
    241s
  • max time network
    214s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-01-2025 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Venom RAT + HVNC + Stealer + Grabber.exe

  • Size

    14.2MB

  • MD5

    3b3a304c6fc7a3a1d9390d7cbff56634

  • SHA1

    e8bd5244e6362968f5017680da33f1e90ae63dd7

  • SHA256

    7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

  • SHA512

    7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

  • SSDEEP

    196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

pboudensmfocguda

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Venom RAT + HVNC + Stealer + Grabber.exe
    "C:\Users\Admin\AppData\Local\Temp\Venom RAT + HVNC + Stealer + Grabber.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4376
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2128
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3252
    • C:\Users\Admin\Desktop\Client.exe
      "C:\Users\Admin\Desktop\Client.exe"
      1⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:1064
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
      1⤵
        PID:2220
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C0
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3892

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        14KB

        MD5

        fe08ef156270308ff6c84715988253c9

        SHA1

        b70abeb678c4590067c7c62117bb56188f9545b0

        SHA256

        e5adf4b8611f8439ef333b8267e158325a73c61f48564479fc3a92016c24c428

        SHA512

        8bc4438431a7303987c444dfc190a299107df19a657a2c3a794142636b9ba0877ab38671736f02f4c643078a692a7ef6d9cb5fe860b74086d303ab898b414f60

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        14KB

        MD5

        6fed163bbcdafe9e2624b16c014cf03b

        SHA1

        c521610f0ccbf505e20c423897b5a44ac75a3031

        SHA256

        a93de31f934b5d2239c44f9e3fdbfe17d0afc2714c9b27ec92ca7f954db794e2

        SHA512

        107a088c656cb344707ff6bf521f8c9e9d72e5a8733506ba21ce941ee1bcb833ea579e3449153bbd45277e439bfc3bb6c741f0490357a64551f68816efcd7d1f

        Download Submit

      • C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_hfvp5p1rhhwhiply0vdltrgybx1zwz4h\6.0.3.1\user.config
        Filesize

        1KB

        MD5

        3fb8d2a2cd510948957ef43af5de1a6a

        SHA1

        165c56b69c45db04546436b8cfcd21bf543fe1e3

        SHA256

        095a2b7ce003847ea27f3eb98eca1c5bf9098c194c137c550bed549fe8d46306

        SHA512

        ddf025953f0487612cab831866ce03285aa810a406d0a92d4491a2d26c7eaba2c4108c230309732a7ab6184c1578419164afe2fdc8e0179d8584bfbc7e75f1c6

        Download Submit

      • C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_hfvp5p1rhhwhiply0vdltrgybx1zwz4h\6.0.3.1\ybdd2sco.newcfg
        Filesize

        1KB

        MD5

        ec49b7f5618d420d4c61a527d52c2638

        SHA1

        4c627db09339ea9d8266671a866140c5c9377c89

        SHA256

        1e5fc255b1d6ff6b9fcb242f9aade5db7d5ce869a7bad4a216cf92c90f239def

        SHA512

        d33bbc0e55aa55a52b12a476d570bc2f2bb649313d416d94cd7bf73c0e76bdbf016b8cecf2eb3aaafb490e36238a8bec3e41e88201b65d032daaed757ddabd6c

        Download Submit

      • C:\Users\Admin\Desktop\Client.exe
        Filesize

        74KB

        MD5

        812ab6b483885e8eff10a8550bd25496

        SHA1

        7f4a829e032ff5b39e6b70df18c44d75465ad276

        SHA256

        e7b523924e1307059e2fcb41f64db39e4bd2a84f5eb2eb7277533293942d0a80

        SHA512

        67a42f9cf7124991bc238ecf1653f156fad9f1dcce97b19a29bbb6f6367cf1cc91bc530da04145c1a0fb7e74abb209cc58349fdbe5901e70ce514184e63da56c

        Download Submit

      • memory/1064-87-0x000000001BFB0000-0x000000001BFBB000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1064-85-0x000000001B4D0000-0x000000001B4DD000-memory.dmp

        Filesize

        52KB

        Download

      • memory/1064-73-0x000000001AF90000-0x000000001AFAE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/1064-72-0x0000000000A90000-0x0000000000A9E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1064-71-0x000000001BFC0000-0x000000001C036000-memory.dmp

        Filesize

        472KB

        Download

      • memory/1064-65-0x00000000001F0000-0x0000000000208000-memory.dmp

        Filesize

        96KB

        Download

      • memory/1064-84-0x00000000024F0000-0x00000000024F9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/1064-86-0x000000001BF90000-0x000000001BFAE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/1064-83-0x000000001BF40000-0x000000001BF86000-memory.dmp

        Filesize

        280KB

        Download

      • memory/4376-11-0x0000015C72D30000-0x0000015C731B4000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4376-12-0x0000015C6DB90000-0x0000015C6DBB0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4376-16-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-17-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-18-0x0000015C72B10000-0x0000015C72BBA000-memory.dmp

        Filesize

        680KB

        Download

      • memory/4376-19-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-20-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-23-0x0000015C71600000-0x0000015C7160A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4376-24-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-25-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-29-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-30-0x0000015C76BD0000-0x0000015C76CF4000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4376-13-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-46-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-14-0x0000015C731C0000-0x0000015C733D2000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4376-15-0x00007FFC74E13000-0x00007FFC74E15000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4376-10-0x0000015C71620000-0x0000015C719BC000-memory.dmp

        Filesize

        3.6MB

        Download

      • memory/4376-0-0x00007FFC74E13000-0x00007FFC74E15000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4376-68-0x0000015C75E10000-0x0000015C75EC2000-memory.dmp

        Filesize

        712KB

        Download

      • memory/4376-69-0x0000015C75D50000-0x0000015C75D72000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4376-9-0x0000015C72200000-0x0000015C72892000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/4376-8-0x0000015C71A40000-0x0000015C721FE000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4376-6-0x0000015C6E670000-0x0000015C6E748000-memory.dmp

        Filesize

        864KB

        Download

      • memory/4376-7-0x0000015C6DBC0000-0x0000015C6DC10000-memory.dmp

        Filesize

        320KB

        Download

      • memory/4376-5-0x00007FFC74E10000-0x00007FFC758D2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4376-4-0x0000015C6DC60000-0x0000015C6DEB2000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4376-3-0x0000015C6DF20000-0x0000015C6E432000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4376-2-0x0000015C6EE10000-0x0000015C70214000-memory.dmp

        Filesize

        20.0MB

        Download

      • memory/4376-1-0x0000015C6A5E0000-0x0000015C6B414000-memory.dmp

        Filesize

        14.2MB

        Download