General

  • Target

    Venus_Tool.rar

  • Size

    9.4MB

  • Sample

    240628-ztt68ssanh

  • MD5

    7f607e521c074beb44d6367edb47dab7

  • SHA1

    7c289b2452562f101a290ed22c8935c7e774276e

  • SHA256

    58be5988b695cac73ceb09a2626505f57774c5120c35566f8524fd5c317f8cbb

  • SHA512

    844f2e6ca456f44ef5d7ae5f18bd5c4ec762d1396297e326f02551a37d8db9374df472a9cf8506b52472bb30dc6c76ca444b3ad35533c983d7cd5e691eca9d9c

  • SSDEEP

    196608:qpx++xyS2rmsbDSie8LyMhQbzfHbzRscpEVq2KJyXLtj5zOdn:oxv92r5xeAhgzfRslqHJyhJO1

Malware Config

Targets

    • Target

      Venus Tool/Venus Tool.exe

    • Size

      5.9MB

    • MD5

      4238a832dbee926a3888e4ca18c9bff8

    • SHA1

      3d1a7c8a85b33f7b71b6e3cd608c70b5fa19b07d

    • SHA256

      88c11f9c63b5ab1f0e479c6d0fce5f9262496f7b76a918256181b677451909e3

    • SHA512

      81fec5d57208a7f49dd3fed769841709e8ad890d277e1b6ee83b36c93608df18d8577bd7e61915d60f2c01aa3467ff5c36501a8fba4c85d9cbfdb48783663690

    • SSDEEP

      98304:rN+nhjdRai65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFl9hikrK0ZM:rAnpIDOYjJlpZstQoS9Hf12VKX6biCGV

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks