Behavioral task: behavioral1
Sample: Venom.exe
Resource: win10v2004-20220812-en

General
- Target: Venom.exe
- Size: 1.0MB
- MD5: 18c19bfe43da0688d3aa10a4f14215eb
- SHA1: eba2b90d075faea00d2e20b70dfebdf17f8b0fb0
- SHA256: 7b14e9c36e5e365489f3e1941fcccc94895497c5e8c062315f4a9c06837ecbbd
- SHA512: 35f5703e6bf27403304042d8258e92421c972ae3d2e9ae4df4c1f4127b1d472f19e4b0a9c8088f985d01528bcbc33025639adcefbc3677c0cfeda981a00eb6c9
- SSDEEP: 24576:LXY5kMJDyGouUqg75HVDBvdXlvlMGWWeliTymxE3ZnLWaF:j4kMJDyGouUqg75HVDBvdXRAWelim/pL

Malware Config
Extracted: quasar
- 2.7.0.0
- Victima
- 192.168.0.14:34401
- elpepemanca.ddns.net:34401
- VvxdNHrxwKmtOrJ3IC
- encryption_key: Ot0UQzulUKQ4dD5ryC4T
- install_name: explorer.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Venom Client Startup

Signatures
- Quasar family
- Quasar payload (1 IoCs)
  Processes: resource = sample, yara_rule = family_quasar

Files
- Venom.exe.exe (windows x86), f34d5f2d4577ed6d9ceec516c1f5a744
  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  Imports
    mscoree: _CorExeMain
  Sections
    .text  - Size: 1.0MB - Virtual size: 1.0MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rsrc  - Size: 3KB - Virtual size: 2KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc - Size: 512B - Virtual size: 12B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ