Overview

overview

10

Static

static

10

Venom_RAT_...to.dll

windows10-2004-x64

1

Venom_RAT_...I2.dll

windows10-2004-x64

1

Venom_RAT_...rd.dll

windows10-2004-x64

1

Venom_RAT_...ra.dll

windows10-2004-x64

1

Venom_RAT_...er.dll

windows10-2004-x64

1

Venom_RAT_...un.dll

windows10-2004-x64

1

Venom_RAT_...on.dll

windows10-2004-x64

1

Venom_RAT_...er.exe

windows10-2004-x64

1

Venom_RAT_...er.dll

windows10-2004-x64

1

Venom_RAT_...ib.dll

windows10-2004-x64

1

Venom_RAT_...us.dll

windows10-2004-x64

1

Venom_RAT_...at.dll

windows10-2004-x64

1

Venom_RAT_...ns.dll

windows10-2004-x64

1

Venom_RAT_...nt.exe

windows10-2004-x64

10

Venom_RAT_...em.dll

windows10-2004-x64

1

Venom_RAT_...NC.exe

windows10-2004-x64

10

Venom_RAT_...Ip.dll

windows10-2004-x64

1

Venom_RAT_...ib.dll

windows10-2004-x64

1

Venom_RAT_...ib.dll

windows10-2004-x64

1

Venom_RAT_...et.dll

windows10-2004-x64

1

Venom_RAT_...ate.js

windows10-2004-x64

1

Venom_RAT_...er.vbs

windows10-2004-x64

1

Venom_RAT_...URL.js

windows10-2004-x64

1

Venom_RAT_...VNC.js

windows10-2004-x64

1

Venom_RAT_...der.js

windows10-2004-x64

1

Venom_RAT_...oxy.js

windows10-2004-x64

1

Venom_RAT_...56.ps1

windows10-2004-x64

1

Venom_RAT_...nts.js

windows10-2004-x64

1

Venom_RAT_...ner.js

windows10-2004-x64

1

Venom_RAT_...ain.js

windows10-2004-x64

1

Venom_RAT_...der.js

windows10-2004-x64

1

Venom_RAT_...ate.js

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-03-2023 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Algorithm/Aes256.ps1

  • Size

    4KB

  • MD5

    eb8efec2a8471d9e8c27029ec0432d61

  • SHA1

    d776eb83e3acffb47901d622eba766a93e9cbc0b

  • SHA256

    952a3ba7d9f5c668a2e48fbb4aa89208e140ef37c557d22e4ea98c6d7e0274b2

  • SHA512

    6b75e7001390958a49ed6cf0260d2107b58956c18eadb6d6e860cd8750fc1101f7bcf9957e4d372ed9cc4116ea31c58a175d104c87dd229751c725ada800cf83

  • SSDEEP

    96:JoUbc9jFGhTlgGlkjJjqj1jUjX6jcjmjejGjJjojPZ3sO0rO9ZWCGjJjqj1jUjXi:IFklgGl0F6REXq82+WFYPp0rOiCWF6RF

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Venom_RAT_SOURCE_CODE\Venom RAT + HVNC\Server\Algorithm\Aes256.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_erwcvumz.tac.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit
  • memory/2188-138-0x000002C4FB470000-0x000002C4FB480000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2188-143-0x000002C4FB470000-0x000002C4FB480000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2188-144-0x000002C4FB430000-0x000002C4FB452000-memory.dmp
    Filesize

    136KB

    Download
  • memory/2188-145-0x000002C4FB470000-0x000002C4FB480000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2188-146-0x000002C4FB470000-0x000002C4FB480000-memory.dmp
    Filesize

    64KB

    Download