General

  • Target: VenomRAT.zip
  • Size: 2.7MB
  • Sample: 240309-kh5fhafb3s
  • MD5: 78870c277a959c207991b9af55e8b3db
  • SHA1: dfd571fec1275eb9d57f6bedc81f6084666d712a
  • SHA256: bed566efa17d36676370408a804d916195a9dcd86e8eda8b5c279b4c84a527f2
  • SHA512: c0e4c358775c8d34192bbf11fcfc57360d23b89bffcacd5e9c50b1c3550162d797261ad8e8f9807023b7b606f400bab075aac1950900fe452f457cba232c5a0a
  • SSDEEP: 49152:q3z5cQkHNtWRbwuHhlB9MOXevldPI5GPgDzPc8joCcnNCXMVrSaeODSRXZCnc0MQ:Y3k/W1bHbMOX4ldg5FzP3HXMNS1Rpyc0

Malware Config

Extracted

  • Family: lucastealer
  • C2: https://api.telegram.org/bot5428876226:AAFBchyLgjGmB_WG7TBXAtjIewC0an-KRm4

Targets

    • Target: VenomRAT.exe
    • Size: 5.4MB
    • MD5: b0dab6cd0e9d35492253d0f52e141500
    • SHA1: 0c8f2b5d5212c33aed8dae3aa63dc2cb77e3b33f
    • SHA256: e1e909014437724aba43b2aa8e47aa01e56d6d47f5f37d883000d5f42e763a4c
    • SHA512: 2f656e396bc76656a33cc21e38bf55f811bbcb9dc19784298110ba0e86302055adfb891433b63a37ae9c8911e884974f5c2a6d5f5c6ad0d725aed2e0f30c82b4
    • SSDEEP: 49152:WTiGhIjd1axByJUhitEbL4I+j9+qDKai8mnbqFt4048ZDYOfkCFZ+XYvgp2h3tUd:W/hNLOI2uKHKJgJ+B+t

    • Luca Stealer
      Info stealer written in Rust, first seen in July 2022.
    • Deletes itself
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks