General
-
Target
Release.rar
-
Size
6.6MB
-
Sample
230523-m7864afa29
-
MD5
8f351e4f842e44f6eb5971a15c0951b0
-
SHA1
65541893f4543f393f8e6af29f16c132459860bd
-
SHA256
f7e08115aa4fca9ce8dd2795a9ba5c8b8416f0f48a7b87900e160bf7bcbea08f
-
SHA512
0bbb319a962a5ebf93acd61bcfac7787607bf1214b3339ae1ac2776c9475d2c0719e54c2eb35477c28bf16a25213194ddf935f31619097b22b0413d1a68991f5
-
SSDEEP
196608:iKFim8lh+N0852wkz5qxm9vBEqUJrXu/cTEaHN:vFim8lh+r52NqQtG1u/cHHN
Behavioral task
behavioral1
Sample
VenomRAT_HVNC.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
cGeoIp.dll
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
VenomRAT_HVNC.exe
-
Size
16.5MB
-
MD5
31be8acd11aa5738dd970410adb597da
-
SHA1
cd4d52b884066e1a47fd27b616cfafeb66225cde
-
SHA256
e78a5ee885dc3b170a5e009aaf1a2db565ac1bf729a0c2195ebfe56420717abb
-
SHA512
ee621bf362cd717d9b026f14e5ff1da5f28fbdb5c58dacd3a8da120e5472baaaef22b052a08d51d49b6dae30cf15178b588acd5cb3596c2e0f2ef533e467ba94
-
SSDEEP
393216:Hl9Yl7Elel7ElAlQleTl/l/l/l/l/lzlml/lqlZlHl/l/l/l/l/l/lIlAl+lUl2+:JTXT
-
Async RAT payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
cGeoIp.dll
-
Size
2.3MB
-
MD5
6d6e172e7965d1250a4a6f8a0513aa9f
-
SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b
-
SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
-
SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155
-
SSDEEP
24576:TRgJE8pkCLLe/K43EnnnclQwIqJY0OjklWXQMFBRpmkL/59ah0USm3uwl00odi9p:TRgfX/59a6USdi9Ues6bV6boLO6r
Score1/10 -