General
Target: Venom.exe
Size: 1.0MB
Sample: 221020-s9baqscch7
MD5: 18c19bfe43da0688d3aa10a4f14215eb
SHA1: eba2b90d075faea00d2e20b70dfebdf17f8b0fb0
SHA256: 7b14e9c36e5e365489f3e1941fcccc94895497c5e8c062315f4a9c06837ecbbd
SHA512: 35f5703e6bf27403304042d8258e92421c972ae3d2e9ae4df4c1f4127b1d472f19e4b0a9c8088f985d01528bcbc33025639adcefbc3677c0cfeda981a00eb6c9
SSDEEP: 24576:LXY5kMJDyGouUqg75HVDBvdXlvlMGWWeliTymxE3ZnLWaF:j4kMJDyGouUqg75HVDBvdXRAWelim/pL
Behavioral task
Task: behavioral1
Sample: Venom.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: quasar
Version: 2.7.0.0
Tag/botnet: Victima (label inferred from this field's position in the extracted config; the page itself leaves it unlabeled)
C2: 192.168.0.14:34401
C2: elpepemanca.ddns.net:34401
Mutex: VvxdNHrxwKmtOrJ3IC (label inferred from position; the page itself leaves it unlabeled)
encryption_key: Ot0UQzulUKQ4dD5ryC4T
install_name: explorer.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds)
startup_key: Venom Client Startup
Targets
Target: Venom.exe, 1.0MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Score: 10/10
- Quasar payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application: consistent with the configured startup_key "Venom Client Startup" and install_name explorer.exe above, so the persisted copy carries the name of the legitimate Windows shell binary and is told apart from it only by its path.
- Legitimate hosting services abused for malware hosting/C2: the configured C2 elpepemanca.ddns.net is a dynamic DNS hostname; the other configured C2, 192.168.0.14:34401, is a private (RFC 1918) address and is only reachable from inside the operator's own network, so the dynamic DNS name is the effective external C2.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
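A hunting helper written for this page (an added example, not Triage output and not code from the sample) that turns the hashes and the extracted configuration above into match rules and runs them over constructed endpoint telemetry. It flags the known hashes, an explorer.exe image running from anywhere other than the real shell's directory (the configured install_name mimics the genuine binary, so the path is what separates them), a Run value named Venom Client Startup, DNS or socket activity toward the configured C2s, the geofence-style registry read and the external-IP lookup. The registry key assumed for the country code and the list of IP lookup services are assumptions, since the page names neither; every event in SAMPLE_EVENTS is constructed, including the install path of the dropped copy.

```python
"""Hunt constructed endpoint telemetry for the indicators in the Quasar report above."""

# Indicators copied from the report (hashes and extracted configuration).
IOCS = {
    "sha256": "7b14e9c36e5e365489f3e1941fcccc94895497c5e8c062315f4a9c06837ecbbd",
    "md5": "18c19bfe43da0688d3aa10a4f14215eb",
    "c2": {("192.168.0.14", 34401), ("elpepemanca.ddns.net", 34401)},
    "install_name": "explorer.exe",
    "startup_key": "venom client startup",   # compared case-insensitively
}
C2_HOSTS = {host for host, _ in IOCS["c2"]}

# Directories where a genuine explorer.exe lives; the same name anywhere else is a masquerade.
LEGIT_EXPLORER_DIRS = {"c:\\windows", "c:\\windows\\syswow64"}

# Assumption: the "computer location" signature reads the GeoID Nation value under
# HKCU\Control Panel\International\Geo; the report does not name the key it reads.
GEO_KEY_SUFFIX = "\\control panel\\international\\geo"

# Assumption: common public external-IP services; the report does not say which one the sample uses.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com"}


def _split_path(path):
    """Return (directory, basename) for a Windows path, both lower-cased."""
    norm = path.replace("/", "\\").lower()
    directory, _, name = norm.rpartition("\\")
    return directory, name


def match_event(ev):
    """Return the list of rule names one telemetry event triggers (empty if nothing matches)."""
    hits = []
    kind = ev["kind"]
    if kind == "process":
        if ev.get("sha256", "").lower() == IOCS["sha256"] or ev.get("md5", "").lower() == IOCS["md5"]:
            hits.append("known_sample_hash")
        directory, name = _split_path(ev.get("image", ""))
        if name == IOCS["install_name"] and directory not in LEGIT_EXPLORER_DIRS:
            hits.append("explorer_masquerade")
    elif kind == "registry":
        key = ev.get("key", "").lower()
        value = ev.get("value_name", "").lower()
        if ev.get("op") == "set" and key.endswith("\\currentversion\\run") and value == IOCS["startup_key"]:
            hits.append("run_key_persistence")
        if ev.get("op") == "query" and key.endswith(GEO_KEY_SUFFIX) and value == "nation":
            hits.append("geo_nation_lookup")
    elif kind == "dns":
        query = ev.get("query", "").lower()
        if query in C2_HOSTS:
            hits.append("c2_dns")
        if query in IP_LOOKUP_HOSTS:
            hits.append("external_ip_lookup")
    elif kind == "net":
        dst, port = ev.get("dst", "").lower(), ev.get("port")
        if (dst, port) in IOCS["c2"]:
            hits.append("c2_connection")
        if dst in IP_LOOKUP_HOSTS:
            hits.append("external_ip_lookup")
    return hits


def scan(events):
    """Run every event through the rules; returns (event index, rule name) pairs in order."""
    return [(i, rule) for i, ev in enumerate(events) for rule in match_event(ev)]


# Constructed telemetry: the sample, the geofence read, the dropped copy, the Run value,
# C2 DNS/socket activity, an external-IP lookup, and one benign explorer.exe for contrast.
SAMPLE_EVENTS = [
    {"kind": "process", "image": "C:\\Users\\victim\\Downloads\\Venom.exe", "sha256": IOCS["sha256"]},
    {"kind": "registry", "op": "query", "key": "HKCU\\Control Panel\\International\\Geo", "value_name": "Nation"},
    {"kind": "process", "image": "C:\\Users\\victim\\AppData\\Roaming\\SubDir\\explorer.exe", "sha256": IOCS["sha256"]},
    {"kind": "registry", "op": "set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "Venom Client Startup", "data": "C:\\Users\\victim\\AppData\\Roaming\\SubDir\\explorer.exe"},
    {"kind": "dns", "query": "elpepemanca.ddns.net"},
    {"kind": "net", "dst": "192.168.0.14", "port": 34401},
    {"kind": "dns", "query": "api.ipify.org"},
    {"kind": "process", "image": "C:\\Windows\\explorer.exe", "sha256": "0" * 64},
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The Run-key and masquerade rules are the ones worth keeping after this sample is gone: the value name and the install name are operator-chosen Quasar settings, so a hit on either is a much stronger signal than the hashes, which change with every rebuild.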