venomrat | b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd | Triage

Submit
Reports

Overview

overview

Static

static

b603bb5bf0...cd.exe

windows7_x64

b603bb5bf0...cd.exe

windows10_x64

Sharing

General

Target

b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd
Size

695KB
Sample

210228-wq1rjc8g1a
MD5

75a0dff08308ea7de7a5a7a0528683de
SHA1

79fbffc4c4b90d58ea179ece6153302e8dd4012d
SHA256

b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd
SHA512

2cd661e50aad22c1d2b113dbe0e92f5391bc370fc19b8adf2009431a2dfd48072bf15a65edf6089c562ffeabee4c8fc0ab556448cef7a0ea72b007bd0df9708c

Score

10^/10

venomrat xmrig evasion miner persistence rat rootkit stealer

Static task

static1

Behavioral task

behavioral1

Sample

b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd.exe

Resource

win7v20201028

venomrat xmrig evasion miner persistence rat rootkit stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd.exe

Resource

win10v20201028

venomrat evasion persistence rat rootkit stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd
- Size
  
  695KB
- MD5
  
  75a0dff08308ea7de7a5a7a0528683de
- SHA1
  
  79fbffc4c4b90d58ea179ece6153302e8dd4012d
- SHA256
  
  b603bb5bf05a55c7687cbfa64566cb5608947284b8eaf0da2b1b6d282fee3ecd
- SHA512
  
  2cd661e50aad22c1d2b113dbe0e92f5391bc370fc19b8adf2009431a2dfd48072bf15a65edf6089c562ffeabee4c8fc0ab556448cef7a0ea72b007bd0df9708c
Score

10^/10

venomrat xmrig evasion miner persistence rat rootkit stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies visiblity of hidden/system files in Explorer
  evasion
- VenomRAT
  VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
  rat rootkit stealer venomrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

venomratxmrigevasionminerpersistenceratrootkitstealer

behavioral2

venomratevasionpersistenceratrootkitstealer

© 2018-2024

Terms | Privacy