Overview
overview
10Static
static
10Venom_RAT_...to.dll
windows10-2004-x64
1Venom_RAT_...I2.dll
windows10-2004-x64
1Venom_RAT_...rd.dll
windows10-2004-x64
1Venom_RAT_...ra.dll
windows10-2004-x64
1Venom_RAT_...er.dll
windows10-2004-x64
1Venom_RAT_...un.dll
windows10-2004-x64
1Venom_RAT_...on.dll
windows10-2004-x64
1Venom_RAT_...er.exe
windows10-2004-x64
1Venom_RAT_...er.dll
windows10-2004-x64
1Venom_RAT_...ib.dll
windows10-2004-x64
1Venom_RAT_...us.dll
windows10-2004-x64
1Venom_RAT_...at.dll
windows10-2004-x64
1Venom_RAT_...ns.dll
windows10-2004-x64
1Venom_RAT_...nt.exe
windows10-2004-x64
10Venom_RAT_...em.dll
windows10-2004-x64
1Venom_RAT_...NC.exe
windows10-2004-x64
10Venom_RAT_...Ip.dll
windows10-2004-x64
1Venom_RAT_...ib.dll
windows10-2004-x64
1Venom_RAT_...ib.dll
windows10-2004-x64
1Venom_RAT_...et.dll
windows10-2004-x64
1Venom_RAT_...ate.js
windows10-2004-x64
1Venom_RAT_...er.vbs
windows10-2004-x64
1Venom_RAT_...URL.js
windows10-2004-x64
1Venom_RAT_...VNC.js
windows10-2004-x64
1Venom_RAT_...der.js
windows10-2004-x64
1Venom_RAT_...oxy.js
windows10-2004-x64
1Venom_RAT_...56.ps1
windows10-2004-x64
1Venom_RAT_...nts.js
windows10-2004-x64
1Venom_RAT_...ner.js
windows10-2004-x64
1Venom_RAT_...ain.js
windows10-2004-x64
1Venom_RAT_...der.js
windows10-2004-x64
1Venom_RAT_...ate.js
windows10-2004-x64
1Analysis
-
max time kernel
147s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
26-03-2023 23:39
Behavioral task
behavioral1
Sample
Venom_RAT_COMPILED/BouncyCastle.Crypto.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral2
Sample
Venom_RAT_COMPILED/Guna.UI2.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Venom_RAT_COMPILED/Plugins/Discord.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
Venom_RAT_COMPILED/Plugins/Extra.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Venom_RAT_COMPILED/Plugins/FileSearcher.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
Venom_RAT_COMPILED/Plugins/Fun.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
Venom_RAT_COMPILED/Plugins/Information.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral8
Sample
Venom_RAT_COMPILED/Plugins/Keylogger.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
Venom_RAT_COMPILED/Plugins/Logger.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral10
Sample
Venom_RAT_COMPILED/Plugins/MessagePackLib.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
Venom_RAT_COMPILED/Plugins/Miscellaneous.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral12
Sample
Venom_RAT_COMPILED/Plugins/Netstat.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
Venom_RAT_COMPILED/Plugins/Options.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral14
Sample
Venom_RAT_COMPILED/Stub/Client.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
Venom_RAT_COMPILED/System.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral16
Sample
Venom_RAT_COMPILED/Venom RAT + HVNC.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
Venom_RAT_COMPILED/cGeoIp.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral18
Sample
Venom_RAT_COMPILED/dnlib.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral19
Sample
Venom_RAT_COMPILED/mscorlib.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral20
Sample
Venom_RAT_COMPILED/protobuf-net.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/HVNC/FrmMassUpdate.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral22
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/HVNC/FrmTransfer.vbs
Resource
win10v2004-20230221-en
Behavioral task
behavioral23
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/HVNC/FrmURL.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral24
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/HVNC/FrmVNC.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/HVNC/WebBuilder/WebBuilder.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral26
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Quasar/Server/Forms/FrmReverseProxy.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral27
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Algorithm/Aes256.ps1
Resource
win10v2004-20230220-en
Behavioral task
behavioral28
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Connection/Clients.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral29
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Connection/Listener.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral30
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/FormMain.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral31
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Forms/FormBuilder.js
Resource
win10v2004-20230221-en
Behavioral task
behavioral32
Sample
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Forms/FormCertificate.js
Resource
win10v2004-20230220-en
General
-
Target
Venom_RAT_SOURCE_CODE/Venom RAT + HVNC/Server/Algorithm/Aes256.ps1
-
Size
4KB
-
MD5
eb8efec2a8471d9e8c27029ec0432d61
-
SHA1
d776eb83e3acffb47901d622eba766a93e9cbc0b
-
SHA256
952a3ba7d9f5c668a2e48fbb4aa89208e140ef37c557d22e4ea98c6d7e0274b2
-
SHA512
6b75e7001390958a49ed6cf0260d2107b58956c18eadb6d6e860cd8750fc1101f7bcf9957e4d372ed9cc4116ea31c58a175d104c87dd229751c725ada800cf83
-
SSDEEP
96:JoUbc9jFGhTlgGlkjJjqj1jUjX6jcjmjejGjJjojPZ3sO0rO9ZWCGjJjqj1jUjXi:IFklgGl0F6REXq82+WFYPp0rOiCWF6RF
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
powershell.exepid process 2188 powershell.exe 2188 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
powershell.exedescription pid process Token: SeDebugPrivilege 2188 powershell.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Venom_RAT_SOURCE_CODE\Venom RAT + HVNC\Server\Algorithm\Aes256.ps1"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_erwcvumz.tac.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/2188-138-0x000002C4FB470000-0x000002C4FB480000-memory.dmpFilesize
64KB
-
memory/2188-143-0x000002C4FB470000-0x000002C4FB480000-memory.dmpFilesize
64KB
-
memory/2188-144-0x000002C4FB430000-0x000002C4FB452000-memory.dmpFilesize
136KB
-
memory/2188-145-0x000002C4FB470000-0x000002C4FB480000-memory.dmpFilesize
64KB
-
memory/2188-146-0x000002C4FB470000-0x000002C4FB480000-memory.dmpFilesize
64KB