Overview

overview

10

Static

static

10

Venus Tool...ol.exe

windows10-1703-x64

10

Venus Tool/crack.dll

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Venus_Tool.rar

  • Size

    9.4MB

  • Sample

    240628-pzblzashll

  • MD5

    7f607e521c074beb44d6367edb47dab7

  • SHA1

    7c289b2452562f101a290ed22c8935c7e774276e

  • SHA256

    58be5988b695cac73ceb09a2626505f57774c5120c35566f8524fd5c317f8cbb

  • SHA512

    844f2e6ca456f44ef5d7ae5f18bd5c4ec762d1396297e326f02551a37d8db9374df472a9cf8506b52472bb30dc6c76ca444b3ad35533c983d7cd5e691eca9d9c

  • SSDEEP

    196608:qpx++xyS2rmsbDSie8LyMhQbzfHbzRscpEVq2KJyXLtj5zOdn:oxv92r5xeAhgzfRslqHJyhJO1

Score
10/10
blankgrabberevasionexecutionpersistenceprivilege_escalationspywarestealertrojanupx

Malware Config

Targets

    • Target

      Venus Tool/Venus Tool.exe

    • Size

      5.9MB

    • MD5

      4238a832dbee926a3888e4ca18c9bff8

    • SHA1

      3d1a7c8a85b33f7b71b6e3cd608c70b5fa19b07d

    • SHA256

      88c11f9c63b5ab1f0e479c6d0fce5f9262496f7b76a918256181b677451909e3

    • SHA512

      81fec5d57208a7f49dd3fed769841709e8ad890d277e1b6ee83b36c93608df18d8577bd7e61915d60f2c01aa3467ff5c36501a8fba4c85d9cbfdb48783663690

    • SSDEEP

      98304:rN+nhjdRai65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFl9hikrK0ZM:rAnpIDOYjJlpZstQoS9Hf12VKX6biCGV

    Score
    10/10
    evasionexecutionpersistenceprivilege_escalationspywarestealerupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      Venus Tool/crack.dll

    • Size

      5.0MB

    • MD5

      b5b1b26e855eda6268b9a2008e0fce86

    • SHA1

      d7925f7de5835e3564b187d8654bb9305ea945fb

    • SHA256

      06dec4f9857f7b9a43157756606546d04a0f34c87681c7db9aab9125a43b33a7

    • SHA512

      14ad2e93ed5876dd246ce6f32674e994b4f35a5acbb1ac46388bebc682a70ce4eca974fda102c273c71dae3c9bc7b69f965fd636cb2d5c579de9cd23e8b35799

    • SSDEEP

      98304:j+YCYfXbb8DckgAEhxWiHF/5DoNZ2qkFVwz7583lfdmjLdGGf:jP8QDDRF/eNsqgiZ

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks