Overview

overview

10

Static

static

10

VenomRAT.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1793s
  • max time network
    1802s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT.exe

  • Size

    5.4MB

  • MD5

    b0dab6cd0e9d35492253d0f52e141500

  • SHA1

    0c8f2b5d5212c33aed8dae3aa63dc2cb77e3b33f

  • SHA256

    e1e909014437724aba43b2aa8e47aa01e56d6d47f5f37d883000d5f42e763a4c

  • SHA512

    2f656e396bc76656a33cc21e38bf55f811bbcb9dc19784298110ba0e86302055adfb891433b63a37ae9c8911e884974f5c2a6d5f5c6ad0d725aed2e0f30c82b4

  • SSDEEP

    49152:WTiGhIjd1axByJUhitEbL4I+j9+qDKai8mnbqFt4048ZDYOfkCFZ+XYvgp2h3tUd:W/hNLOI2uKHKJgJ+B+t

Score
10/10
lucastealerspywarestealer

Malware Config

Extracted

Family

lucastealer

C2

https://api.telegram.org/bot5428876226:AAFBchyLgjGmB_WG7TBXAtjIewC0an-KRm4

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomRAT.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomRAT.exe"
    1⤵
    • Deletes itself
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    PID:3012
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1584
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3736 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1272

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\en-US-89.149.23.59-[Admin].zip
        Filesize

        1.7MB

        MD5

        c47ff5df2bf2b4e88a116eab10b41a76

        SHA1

        b1babaa8567ed5038b4a74700048a5cde86c78b2

        SHA256

        bb7dbf02c6591b9f5df047211692daa6999f177e95b84c8fea69946d2fbd70b8

        SHA512

        59aa78642ba7406c41219c11d5195ab8426682bfe4ed880c2415ad45c0128c230a641195e7997d0eb99033b44d3e652ec8ae038990c047d78b107c51399c7353

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\sensfiles.zip
        Filesize

        1.2MB

        MD5

        ebe0c31031d54bb10160fd43f5876046

        SHA1

        b2a04c93896176a0fb7302e4a48a3324e5a73fb8

        SHA256

        ab3534e36158497889bdd947391e5bfe380e17928c57d51137c4f36dce618d95

        SHA512

        bc9bef8c213cf0b9e6123a12307126c2e782d506724706a4ffe5ad754a9925ab1e9ce666223f5993f31bb16515ef32f1c8109e88db43427a145f71474b65c2c8

        Download Submit

      • memory/3012-33-0x00007FF70BB50000-0x00007FF70C0B1000-memory.dmp

        Filesize

        5.4MB

        Download