General
-
Target
Venus_Tool.rar
-
Size
9.4MB
-
Sample
240628-ztt68ssanh
-
MD5
7f607e521c074beb44d6367edb47dab7
-
SHA1
7c289b2452562f101a290ed22c8935c7e774276e
-
SHA256
58be5988b695cac73ceb09a2626505f57774c5120c35566f8524fd5c317f8cbb
-
SHA512
844f2e6ca456f44ef5d7ae5f18bd5c4ec762d1396297e326f02551a37d8db9374df472a9cf8506b52472bb30dc6c76ca444b3ad35533c983d7cd5e691eca9d9c
-
SSDEEP
196608:qpx++xyS2rmsbDSie8LyMhQbzfHbzRscpEVq2KJyXLtj5zOdn:oxv92r5xeAhgzfRslqHJyhJO1
Behavioral task
behavioral1
Sample
Venus Tool/Venus Tool.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Venus Tool/Venus Tool.exe
-
Size
5.9MB
-
MD5
4238a832dbee926a3888e4ca18c9bff8
-
SHA1
3d1a7c8a85b33f7b71b6e3cd608c70b5fa19b07d
-
SHA256
88c11f9c63b5ab1f0e479c6d0fce5f9262496f7b76a918256181b677451909e3
-
SHA512
81fec5d57208a7f49dd3fed769841709e8ad890d277e1b6ee83b36c93608df18d8577bd7e61915d60f2c01aa3467ff5c36501a8fba4c85d9cbfdb48783663690
-
SSDEEP
98304:rN+nhjdRai65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFl9hikrK0ZM:rAnpIDOYjJlpZstQoS9Hf12VKX6biCGV
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-