General
-
Target
_-Venom.exe.vir
-
Size
534KB
-
Sample
220621-mq39hsdadl
-
MD5
b0f6e15f83e03ea0ab502951b62c3dbf
-
SHA1
feeb74ad283f27e9eb5e96dccc9fa1c44eab00be
-
SHA256
6b39407f3c2b6064f483c474c9359f344f2aa8e0afef0941d33deddbc275fdb2
-
SHA512
8641c8a0b9b46e62a91d2d47a240a8df030394fbf2460d1327428daa46fc8fbf6950d799f9c17c710473712cf44cdb016ba7d4dffeabd6f0912b65874429da45
Malware Config
Extracted
quasar
2.1.0.0
Office04
littlehf.ddns.net:4566
VNM_MUTEX_au1VZH90ssfu7up6jn
-
encryption_key
XZHIHOgylm3qxGXtmm9j
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Venom Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
_-Venom.exe.vir
-
Size
534KB
-
MD5
b0f6e15f83e03ea0ab502951b62c3dbf
-
SHA1
feeb74ad283f27e9eb5e96dccc9fa1c44eab00be
-
SHA256
6b39407f3c2b6064f483c474c9359f344f2aa8e0afef0941d33deddbc275fdb2
-
SHA512
8641c8a0b9b46e62a91d2d47a240a8df030394fbf2460d1327428daa46fc8fbf6950d799f9c17c710473712cf44cdb016ba7d4dffeabd6f0912b65874429da45
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Quasar Payload
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
VenomRAT
VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
-
suricata: ET MALWARE Common RAT Connectivity Check Observed
suricata: ET MALWARE Common RAT Connectivity Check Observed
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-