venus

General

Target

0a1dbcff63619c4d9072484bb17b3d06300504e836e42df98eadf57e7ad0d0be.exe
Size

225KB
Sample

221209-f8allafd5w
MD5

8691dae21568faaeda49bcd640e1ad23
SHA1

524b589ef403ff21cf040ef33c21b1d6d8235feb
SHA256

0a1dbcff63619c4d9072484bb17b3d06300504e836e42df98eadf57e7ad0d0be
SHA512

870aedf4a6ee62cbfdc4c094ddf3da08fb603dc248e36baa9ae833b5f22e930650f97b7d1d1a78787c5ae40e03d131b1814ca34a7264cc9b311cb92f2f1eb30d
SSDEEP

6144:2NRgzJmXrQwAPj5XJkcXV50DErs5xgTw7ozFz254W:URglerQwAjkzDZGcoxfW

Score

10^/10

Malware Config

Extracted

Path

\??\E:\README.html

Ransom Note

<html><head><title>Venus</title><style type = "text/css">*{padding:0;margin:0}p{color:white}.f{background-color:#ff7c00;width:100%;margin-left:auto;margin-right:auto;height:100%}.c h1{color:white;line-height:80px}.r{word-break:break-all;float:left;width:100%;text-align:center}</style></head><body><div class="f"><div class="c"><h1 align="center"><<<Venus>>></h1></div><div class="r"><p></br></br></br></br><strong>We downloaded and encrypted your data.</strong></br>Only we can decrypt your data.<br><strong>IMPORTANT!</strong><br> If you, your programmers or your friends would try to help you to decrypt the files it can cause data loss even after you pay.<br> In this case we will not be able to help you.<br>Do not play with files.</p><p>Do not rename encrypted files.<br>Do not try to decrypt your data using third party software, it may cause permanent data loss.<br>Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.</br>-----------------------------------------------------</br>Contact and send this file to us:<br><strong><br>email:[email protected]<br>email:[email protected]<br></strong><br><br>njUpGL4ybYXsjFWpsFzLr8i/fav12H8VbSivjtSOBwQGzs9Ehs6sjnS2+r8PR9or V1/0Zzs5uLzOeXgeECMqYiFyPmZ9+HEyfB9FWq59o/64aIQfHGyG6PP0YbpQYmKr U4jLl7dQsEqDophMtt5af+lLI6wd0qdqJTZfISnUcLIlIzdEWX7ZSizWSvsuVMUJ RTQ9CpNHizUiiUSFX2T91jFhzbi3dL86Swzj3dXNtQy2PoRWcxVu9j89KQr3lgz0 oMU4uxsjGVuzzQhiBT6hWGpUKFXtCdZZUSON0ta9byjPd5gLzuN0/a2eIxKU5W9t rOdt0vuJR1921Mx03UMqhwuIMQOBjXCNN1/XkWtArh1xap3qpCtxmyPTOzv5QaXu 4uO+Exe3jm1Tj2sq0StfJB1PIgHvPbTj3fD2lp+EYGRKXClg1Qo7WzHE9icq9FO+ BODaoM28JSD3+bGH9/pXJcTV9Iqc/PClP0ID/kLGoIzyP1APEt/U7j2gM1zDCx1y vb315HL7kg9NL20pljOvgjaxs7quWSXYo+cur61sgH1KajNuE4qP+VNJn/bo70W/ Pe1LHv/rOHVOFenAdEIXwlgQBEK0VY5ksb00QBOj3Nw0UZyGgdg4Ed7/x92o0YfT pK1KqyPyyUit </p></div></body></html></html></body></html>

Emails

us:<br><strong><br>email:[email protected]<br>email:[email protected]<br></strong><br><br>njUpGL4ybYXsjFWpsFzLr8i/fav12H8VbSivjtSOBwQGzs9Ehs6sjnS2+r8PR9or

Targets

- Target
  
  0a1dbcff63619c4d9072484bb17b3d06300504e836e42df98eadf57e7ad0d0be.exe
- Size
  
  225KB
- MD5
  
  8691dae21568faaeda49bcd640e1ad23
- SHA1
  
  524b589ef403ff21cf040ef33c21b1d6d8235feb
- SHA256
  
  0a1dbcff63619c4d9072484bb17b3d06300504e836e42df98eadf57e7ad0d0be
- SHA512
  
  870aedf4a6ee62cbfdc4c094ddf3da08fb603dc248e36baa9ae833b5f22e930650f97b7d1d1a78787c5ae40e03d131b1814ca34a7264cc9b311cb92f2f1eb30d
- SSDEEP
  
  6144:2NRgzJmXrQwAPj5XJkcXV50DErs5xgTw7ozFz254W:URglerQwAjkzDZGcoxfW
Score

10^/10

venus persistence ransomware
- Venus
  Venus is a ransomware first seen in 2022.
  ransomware venus
- Venus Ransomware
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2