General
-
Target
VenomCrypter.zip
-
Size
13.1MB
-
Sample
231203-qp6vsscb36
-
MD5
6339a9df99f4fea3c2ab1afc78e879d9
-
SHA1
4ee6cc1d50730b5d48a878e4572b9958352a0755
-
SHA256
53c401f24e24cbe77b405737d35a12daed24ab8840abcfec197b9e8b5c7ff312
-
SHA512
404a6312bb344529f600193f31f2741e67ccdfb7d6d12627bd52664b89a664aee00527e20f620276ccf6082c749f3176d5bac7351fbb4e643f76127800b271bc
-
SSDEEP
393216:qxd4xvvYsd08zltBx0GLTN2R9hopFtUh1a:gKrzlXx13NK9+eXa
Behavioral task
behavioral1
Sample
VenomCrypter/Core/dnlib.dll
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
VenomCrypter/Core/dnlib.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral3
Sample
VenomCrypter/Core/dotnetreactor.exe
Resource
win7-20231023-en
Behavioral task
behavioral4
Sample
VenomCrypter/Core/dotnetreactor.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral5
Sample
VenomCrypter/Core/venom_crypter.exe
Resource
win7-20231025-en
Behavioral task
behavioral6
Sample
VenomCrypter/Core/venom_crypter.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral7
Sample
VenomCrypter/Guna.UI2.dll
Resource
win7-20231130-en
Behavioral task
behavioral8
Sample
VenomCrypter/Guna.UI2.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral9
Sample
VenomCrypter/SimpleObfuscator.dll
Resource
win7-20231023-en
Behavioral task
behavioral10
Sample
VenomCrypter/SimpleObfuscator.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral11
Sample
VenomCrypter/VenomCrypter.exe
Resource
win7-20231201-en
Malware Config
Targets
-
-
Target
VenomCrypter/Core/dnlib.dll
-
Size
1.1MB
-
MD5
5cc2bb48b5e8c8ac0b99669401d15456
-
SHA1
02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e
-
SHA256
648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea
-
SHA512
2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420
-
SSDEEP
24576:/bN7xZgKVl/N12pljD7DM2l8xs5A/zYv7flNcK:DyJXn3ML7G
Score
1/10
-
-
-
Target
VenomCrypter/Core/dotnetreactor.exe
-
Size
14.3MB
-
MD5
44b10b3b38df861e83d7fe0c06414bcd
-
SHA1
fc94d4422602455e01442855c8f35164ef97412d
-
SHA256
0133f4878d4441dad5c153b83b2cb70b510ff089814820cbfb4e88df31564c8e
-
SHA512
00ee844a109cc603c1308b13d4c64a71b076fec41d60f47952f333f1db3c03c389b159c0b13a39f5a4ceefdd1a5212d01c8e5e55db4bdbb8e860788087db4288
-
SSDEEP
196608:fk0F23nFoQ5RPoE72XoQZpChJwa/ThljpYvAksm8jb5HcT6Z:dQ3nFJQE74kpThbpM8JB
-
Detect ZGRat V1
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
-
-
Target
VenomCrypter/Core/venom_crypter.exe
-
Size
107KB
-
MD5
473b0559e3be87128dbf66e483150fbb
-
SHA1
3a710cf2366837dcdbf4ad2831044f1c594c2106
-
SHA256
a75977968a6ca4af41552ed47c4315c1782b12223f7001f8ae5c8547781724e0
-
SHA512
8e0bc5be8211504c37fc827262f8c76b6ef2811e20cbad3be3bbcdda705985e505fe6cb9255b079a0eddabe233f32a3932ec796665de8b54458e3c9730d322b6
-
SSDEEP
3072:bdZLLyEmnB0lc3fy000NMCUkpH2fydk0AK8QFAD1DEAPIu+bpcdjM0:ZZLLyEmnB0lcvy000NMv6H2fydIKxADm
Score
1/10
-
-
-
Target
VenomCrypter/Guna.UI2.dll
-
Size
2.1MB
-
MD5
c05cf8543a06cf77ba8e3d03c1b39870
-
SHA1
40d53bcdc940fafccf02404866d9d917c0a84696
-
SHA256
f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126
-
SHA512
07b959fab63ccf77072b70ae89f1ccc047fa4ba00fedff8503688125d9a2ca284811d4fb5c9125ff0468dd077ad2aae719b3b22067156f5c8a806f16890b9145
-
SSDEEP
49152:w34QXpXwn9cQPHvrkYsIJLBOrOcNTMzFon:wIQgcT
Score
1/10
-
-
-
Target
VenomCrypter/SimpleObfuscator.dll
-
Size
1.4MB
-
MD5
9043d712208178c33ba8e942834ce457
-
SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1
-
SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c
-
SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65
-
SSDEEP
24576:FDy7cKOfkiRrXP5WtJvW1mpjSWr7uoZme1V86:+8/AtJes1LJ
Score
1/10
-
-
-
Target
VenomCrypter/VenomCrypter.exe
-
Size
995KB
-
MD5
b8f9138bd9a2c93a1b7ada47586c8202
-
SHA1
998850da4b2c4f5152d637222613b114338e6ba4
-
SHA256
54fc1ddf8dd8880f29ec3335d602de20f0b9ecafb9cd3dc9dc090ab6a1540535
-
SHA512
54b99cb1a821dab4a2c79560a13f637db1cae5658d2293e28c7449930052bcc35d4e92ad30a6d720224fcccf78c70aaace5c502bb8ba39e3fc7f607c2197a590
-
SSDEEP
24576:A6QogdyF69wA1s33ryeg5b0O9Xld7T7lY7NSe3TwHur8pOfVnnbeC13Uv8r:A5zdyF69mrU5nJ7lY7EaUHvYz
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-