Overview

overview

10

Static

static

3

VenomClient.exe

windows7-x64

10

VenomClient.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2023, 04:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomClient.exe

  • Size

    1.0MB

  • MD5

    946c7e976efefd4d2cd134dc3d884fe1

  • SHA1

    8ddf0dac85719a03e03114eab2f3a9a3f1f5c125

  • SHA256

    811e02d249ebce5faa385b01605297d336d2d79b38e6aab3d39b7c16130e292c

  • SHA512

    239a2bf2aee7e1bc0eed3ae02f7b13981f93f635036adf1ee5ea4a9d72b45d4756447afd273b25c68922b585786b0d4ddc61d66c3231947d514768215964b210

  • SSDEEP

    24576:ZwV7Scs+DPiLFEHTCxRXIeDHX+JSQuYHuOjwaWfDjxExnDYPtimEM0J:Z+7Scs+DP5zkRXIeX+JSQuYHuOjwaWfs

Score
10/10
elysiumstealerstealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Support DLL 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomClient.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomClient.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 636
      2⤵
      • Program crash
      PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
    Filesize

    40KB

    MD5

    94173de2e35aa8d621fc1c4f54b2a082

    SHA1

    fbb2266ee47f88462560f0370edb329554cd5869

    SHA256

    7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

    SHA512

    cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

    Download Submit

  • memory/2468-55-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2468-54-0x0000000000010000-0x000000000011C000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2468-56-0x0000000002360000-0x00000000023A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2468-57-0x00000000004B0000-0x00000000004C4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2468-58-0x0000000076460000-0x0000000076570000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2468-62-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2468-63-0x0000000002360000-0x00000000023A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2468-64-0x0000000076460000-0x0000000076570000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2468-65-0x00000000748E0000-0x0000000074FCE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2468-66-0x0000000076460000-0x0000000076570000-memory.dmp

    Filesize

    1.1MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.