Overview

overview

10

Static

static

10

VenomRAT-V...NC.rar

windows11-21h2-x64

3

VenomRAT-V...to.dll

windows11-21h2-x64

1

VenomRAT-V...I2.dll

windows11-21h2-x64

1

VenomRAT-V...on.dll

windows11-21h2-x64

1

VenomRAT-V...or.dll

windows11-21h2-x64

1

VenomRAT-V...er.exe

windows11-21h2-x64

1

VenomRAT-V...on.dll

windows11-21h2-x64

1

VenomRAT-V...io.dll

windows11-21h2-x64

1

VenomRAT-V...at.dll

windows11-21h2-x64

1

VenomRAT-V...rd.dll

windows11-21h2-x64

1

VenomRAT-V...ra.dll

windows11-21h2-x64

1

VenomRAT-V...er.dll

windows11-21h2-x64

1

VenomRAT-V...er.dll

windows11-21h2-x64

1

VenomRAT-V...un.dll

windows11-21h2-x64

1

VenomRAT-V...on.dll

windows11-21h2-x64

1

VenomRAT-V...er.exe

windows11-21h2-x64

1

VenomRAT-V...er.dll

windows11-21h2-x64

1

VenomRAT-V...ib.dll

windows11-21h2-x64

1

VenomRAT-V...us.dll

windows11-21h2-x64

1

VenomRAT-V...at.dll

windows11-21h2-x64

1

VenomRAT-V...ns.dll

windows11-21h2-x64

1

VenomRAT-V...er.dll

windows11-21h2-x64

1

VenomRAT-V...ry.dll

windows11-21h2-x64

1

VenomRAT-V...it.dll

windows11-21h2-x64

1

VenomRAT-V...ra.dll

windows11-21h2-x64

1

VenomRAT-V...op.dll

windows11-21h2-x64

1

VenomRAT-V...xy.dll

windows11-21h2-x64

1

VenomRAT-V...ion.db

windows11-21h2-x64

3

VenomRAT-V...te.p12

windows11-21h2-x64

5

VenomRAT-V...nt.pdb

windows11-21h2-x64

3

VenomRAT-V...config

windows11-21h2-x64

3

VenomRAT-V...icense

windows11-21h2-x64

3

Analysis

  • max time kernel
    0s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-06-2024 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT-V5.6-HVNC/ServerCertificate.p12

  • Size

    1KB

  • MD5

    6ce85262afbc028314bdf6fe9aa718a5

  • SHA1

    b59fe71c2ebd80df9e3ba5681ff6e36c90c2f0a8

  • SHA256

    74eba079b36c835cd89af395cf53272c53351cd851efb140a8152410c4e2973e

  • SHA512

    8ac1198de48c3acab03482958ccd5044561599373338f0bb9ff203c0d596b810143d420ebdcb20abd60a1383a08e70f7ddac6fa9b304a0a3a61aa06af030e6fb

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenPFX C:\Users\Admin\AppData\Local\Temp\VenomRAT-V5.6-HVNC\ServerCertificate.p12
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:440
    • C:\Windows\System32\mmc.exe
      "C:\Windows\System32\mmc.exe" C:\Windows\system32\certmgr.msc /certmgr:FileName="C:\Users\Admin\AppData\Local\Temp\VenomRAT-V5.6-HVNC\ServerCertificate.p12"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4376

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads