Overview

overview

10

Static

static

10

4782e81f40...04.exe

windows7-x64

10

4782e81f40...04.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/03/2025, 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4782e81f40ac01047775af26b407de648f26e7f6a00f6db43acfa0fdc6835f04.exe

  • Size

    74KB

  • MD5

    a4716a128df2139998377ef678072dbf

  • SHA1

    a3f1856360899afd65175c2129aa3a13325e0855

  • SHA256

    4782e81f40ac01047775af26b407de648f26e7f6a00f6db43acfa0fdc6835f04

  • SHA512

    b207e4cce7dbe04542ebaa35720a9dbbf9d94dec0e1d6741fd6b81ba247342214461cbfaa3b3dfcdb665dbfa7bc0176230a293f134d1f39f8a2d4f34e8629884

  • SSDEEP

    1536:LUk0cxVGlCBiPMVye9VdQuDI6H1bf/33OOdjQzc+LVclN:LURcxVMWiPMVye9VdQsH1bfzQXBY

Score
10/10
asyncratvenomratjandiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

JAN

Mutex

qnxsdyjsfdtxvg

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/Ax2bm8Nk

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • VenomRAT 1 IoCs

    Detects VenomRAT.

    rat
  • Venomrat family
    venomrat
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4782e81f40ac01047775af26b407de648f26e7f6a00f6db43acfa0fdc6835f04.exe
    "C:\Users\Admin\AppData\Local\Temp\4782e81f40ac01047775af26b407de648f26e7f6a00f6db43acfa0fdc6835f04.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA664.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/1632-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1632-1-0x0000000000D50000-0x0000000000D68000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1632-3-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1632-4-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1632-22-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1632-43-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1632-44-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

    Filesize

    9.9MB

    Download