General

  • Target: Venom-Rat-Cracked--main.zip
  • Size: 33.8MB
  • Sample: 240531-nfg4zaff3v
  • MD5: c8fba8be27bdfbe60de014aaecc83a68
  • SHA1: 8c9529de89bd53491e10c3e8c7b35c0d4400e6d1
  • SHA256: f911a357abf083c321d7240e1070b470c9d2a64c1503700dbec45980c88c0aa4
  • SHA512: dfab827a10867022a5833f1af71e5abb3915f792326956ed3859b57b9ef83f6d5cc1b87ffd34c827878289fe581968c75d5f279930ee023ea6496730a86d3c15
  • SSDEEP: 786432:Gm20c7pW2y9SIE9lzOG2WMJx+8PxQ4I+zFZx4vFqnb:FqKSIEztoJQ4nzFn4Fqnb

Malware Config

Extracted
  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKed
  • C2: hackerguru.duckdns.org:6666
  • Mutex: 8b3c87226fd3a4e8b8191141ea7a593c
  • Attributes
    • reg_key: 8b3c87226fd3a4e8b8191141ea7a593c
    • splitter: |'|'|

Extracted
  • Family: quasar
  • Attributes
    • reconnect_delay: 5000

Targets

  • Target: Venom-Rat-Cracked--main/Venom Activated Cracked.exe
    Size: 10.1MB
    MD5: 4dabfeed4b250a3248714458ae370ca8
    SHA1: 6e215b2a20039a4dbde18579a1419a4eb10946ac
    SHA256: eb23cbc820d2b8fdc0227b2e89274edf2671163cae40e0a9bb930b91c05ac3a9
    SHA512: 7ea826cf27da942ce2e9db4a800b3c247670a8fc260af8686d14c48583f38f14b935d5af282a3774a9811f0957ca7318dc883307254554e907f7cfb5f6419a4c
    SSDEEP: 196608:m6+0f/ylacMb5mCbClb12UK4RDx5gRIAL1xXPm68DwOHRR+kc4N4FmDdgW7NaREE:m0f/KacMbR2J2UKEdiRIAL1xXPCwkEn7
    Score: 8/10
      • Modifies Windows Firewall
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application

  • Target: Majid Z Hacker.exe
    Size: 462KB
    MD5: a8a8d6f3b48466242959545235d1c9b6
    SHA1: 0c2d670dc3b3b07a2498756e1d46fd1fee53a621
    SHA256: 09d709640f6884d6b7e7501175cfdcc3724df07785c081c0e14b20cbcdf382ec
    SHA512: 09f08dd6026b2e24a05e20505723055deceffaba3d351dd49cdc934d038ef0796a3d8d481fe7734b3ec3ba80f4800994983441204dbc3f12baf4f637534a4796
    SSDEEP: 12288:6rs81bE0LfUk6XLbwxMY4R/3CDOpeYYhN7zjYC/M:6H5rh6XPbYuCDOpmPzjZM
    Score: 8/10
      • Modifies Windows Firewall
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops autorun.inf file
        Malware can abuse Windows Autorun to spread further via attached volumes.

  • Target: Venom Cracked.exe
    Size: 12.1MB
    MD5: 750015e08a9409c80cd3837daebb970a
    SHA1: bfd1122f8c459862717b0b7a50b7216fc2573880
    SHA256: 3c413ee4b07c531c891ac1852d3d1b6a60bdc92e549e9cf4744d4fe85ebb5de2
    SHA512: f35938eac84d6084d9239977462c965bab95924895cd2b73e501a7d7c2ff400aaeaefbdc3302ac8f8c13cd49e22d19e95ef530cf1cc10f79f6ab62653021e5ac
    SSDEEP: 196608:vThKmURVoq/uR12RVoq/uR1bnhmdmARsDymuPP3m:PCd/i14d/i1bn0oAWdG3m
    Score: 1/10

  • Target: Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe
    Size: 9.8MB
    MD5: 1947749a785b384a9bfe51d57c796ae9
    SHA1: db986cb4503589a2319e596b799c878ec4d4a990
    SHA256: 6018e4099dca3d452ecc8fe34f5e6d00b2b43c5c21cdea1b4c53c7025376048a
    SHA512: 3e82f60c595a5fc25043729366137ea35f2037bf23b78248cf8946a2edb39c6af4c9159c9c5b6c876148ef8b06468d975a4f6e413319b6ebc9712920f3c5829e
    SSDEEP: 196608:w6+0f/ylacMb5mCbClb12UK4RDx5gRIAL1xXPm68DwOHRR+kc4N4FmDdgW7U:40f/KacMbR2J2UKEdiRIAL1xXPCwkEn3
      • Contains code to disable Windows Defender
        A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
      • Modifies Windows Defender Real-time Protection settings
      • Modifies Windows Firewall
      • Drops startup file
      • Executes dropped EXE
      • Reads data files stored by FTP clients
        Tries to access configuration files associated with programs like FileZilla.
      • Reads user/profile data of web browsers
        Infostealers often target stored browser data, which can include saved credentials etc.
      • Adds Run key to start application
      • Drops autorun.inf file
        Malware can abuse Windows Autorun to spread further via attached volumes.
  • Target: Venom-Rat-Cracked--main/Venom Software RAT.exe
    Size: 12.1MB
    MD5: 750015e08a9409c80cd3837daebb970a
    SHA1: bfd1122f8c459862717b0b7a50b7216fc2573880
    SHA256: 3c413ee4b07c531c891ac1852d3d1b6a60bdc92e549e9cf4744d4fe85ebb5de2
    SHA512: f35938eac84d6084d9239977462c965bab95924895cd2b73e501a7d7c2ff400aaeaefbdc3302ac8f8c13cd49e22d19e95ef530cf1cc10f79f6ab62653021e5ac
    SSDEEP: 196608:vThKmURVoq/uR12RVoq/uR1bnhmdmARsDymuPP3m:PCd/i14d/i1bn0oAWdG3m
    Score: 1/10

  • Target: Venom-Rat-Cracked--main/vncviewer.exe
    Size: 1.3MB
    MD5: 311de77bcdf9808908f628ecd26a098b
    SHA1: 67ad163f8e74c36a702ca9ad721f1bd73574dcd6
    SHA256: dac7f8191d05a8f2ab0f05c975bae826a2bb4c10bd6b40b0b1be0a260f5cd558
    SHA512: b2a3e552d6e17a8d4fbe8747ce41423768a3ccb975c496c76291a5f240e011a597b3e3a83175e2387301a72d8c977ab59175bc555e1e706bd5268afdeaf5980b
    SSDEEP: 24576:ba9hax4UZ1uwPKx2pShQTKv/KwEqXpP5fPM8M5lc:CabHKx2kqTKv/pXbPM8M5l
    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Initial Access
  • Replication Through Removable Media (T1091): 2

Persistence
  • Create or Modify System Process (T1543): 4
    • Windows Service (T1543.003): 4
  • Boot or Logon Autostart Execution (T1547): 3
    • Registry Run Keys / Startup Folder (T1547.001): 3

Privilege Escalation
  • Create or Modify System Process (T1543): 4
    • Windows Service (T1543.003): 4
  • Boot or Logon Autostart Execution (T1547): 3
    • Registry Run Keys / Startup Folder (T1547.001): 3

Defense Evasion
  • Impair Defenses (T1562): 4
    • Disable or Modify Tools (T1562.001): 1
    • Disable or Modify System Firewall (T1562.004): 3
  • Modify Registry (T1112): 4

Credential Access
  • Unsecured Credentials (T1552): 2
    • Credentials In Files (T1552.001): 2

Discovery
  • System Information Discovery (T1082): 6
  • Query Registry (T1012): 3

Lateral Movement
  • Replication Through Removable Media (T1091): 2

Collection
  • Data from Local System (T1005): 2
