quasar | e83d13fcdc0f133482d558c8ce25b45a491ba3aff13849ce8169f05bb4972f0d | Triage

Submit
Reports

Overview

overview

Static

static

77-Venom.exe

windows7_x64

77-Venom.exe

windows10_x64

Sharing

General

Target

77-Venom.exe
Size

576KB
Sample

200815-1gc48vskrx
MD5

a4a92cfdc1b3a949970eb6f5b20e1f21
SHA1

6f46b5386bb1cdcf83861666ddeb2be02ae7ee5f
SHA256

e83d13fcdc0f133482d558c8ce25b45a491ba3aff13849ce8169f05bb4972f0d
SHA512

8b9153e6ab420e088de44005f5bc8d335ae83ad2b7705802c6140cd407df6a6f690adb172806846e39ce2a899ea849520a0b71c2a7057cf5adb58df436369447

Score

10^/10

quasar venomrat evasion rat rootkit spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

77-Venom.exe

Resource

win7

rat rootkit stealer venomrat evasion trojan spyware quasar

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

77-Venom.exe

Resource

win10v200722

evasion trojan spyware quasar rat rootkit stealer venomrat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  77-Venom.exe
- Size
  
  576KB
- MD5
  
  a4a92cfdc1b3a949970eb6f5b20e1f21
- SHA1
  
  6f46b5386bb1cdcf83861666ddeb2be02ae7ee5f
- SHA256
  
  e83d13fcdc0f133482d558c8ce25b45a491ba3aff13849ce8169f05bb4972f0d
- SHA512
  
  8b9153e6ab420e088de44005f5bc8d335ae83ad2b7705802c6140cd407df6a6f690adb172806846e39ce2a899ea849520a0b71c2a7057cf5adb58df436369447
Score

10^/10

rat rootkit stealer venomrat evasion trojan spyware quasar
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- VenomRAT
  VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
  rat rootkit stealer venomrat
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ratrootkitstealervenomratevasiontrojanspywarequasar

behavioral2

evasiontrojanspywarequasarratrootkitstealervenomrat

© 2018-2024

Terms | Privacy