Malware Analysis Report

2024-09-23 03:07

Sample ID 240629-a341cswgqa
Target VenomRAT v6.0.3 (+SOURCE).7z
SHA256 46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9
Tags
asyncrat default rat stormkitty
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

46c17ffefbfcaa044cbbcbb33d6219da84538c22a51e53bff647c87da33a0bd9

Threat Level: Known bad

The file VenomRAT v6.0.3 (+SOURCE).7z was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat stormkitty

StormKitty payload

Async RAT payload

AsyncRat

Asyncrat family

Stormkitty family

Async RAT payload

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-29 00:46

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Asyncrat family

asyncrat

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 00:50

Platform

win11-20240611-en

Max time kernel

215s

Max time network

212s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE).7z"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0 = 8000310000000000f656fa46100056454e4f4d527e312e33285f0000640009000400efbedd58f105dd58f2052e000000b4aa0200000001000000000000000000000000000000805a0f00560065006e006f006d005200410054002000760036002e0030002e003300200028002b0053004f005500520043004500290000001c000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000031afb98348bcda01e416f3eebdc9da01e416f3eebdc9da0114000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0 = 7e00310000000000ba563294100056454e4f4d527e312e3328530000620009000400efbedd58f105dd58f2052e000000b5aa02000000010000000000000000000000000000007b4b0701560065006e006f006d005200410054002000760036002e0030002e0033002000280053004f005500520043004500290000001c000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7e00310000000000dd58f20511004465736b746f7000680009000400efbecb588aaddd58f2052e000000745702000000010000000000000000003e00000000001cad40004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\NodeSlot = "5" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\MRUListEx = ffffffff C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A
N/A N/A C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE).7z"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE).7z"

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe"

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe"

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\donut.exe

"C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\donut.exe" -f C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Stub\tempClient.exe -o

Network

Country Destination Domain Proto
FI 95.216.52.21:7575 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zE4A209A87\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config

MD5 a1c2a2870001b66db41bcb020bff1c2d
SHA1 8c54c6a3564c8892aa9baa15573682e64f3659d9
SHA256 0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5
SHA512 b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe

MD5 3935ef8202cd8040741138a14b0655f0
SHA1 54cf02cf472111b57ac5329a408b2f858e2f3b86
SHA256 3a7efdc3d85adf7a5484ef17549db47be2a78b4b6892d93dd91958bb9a9edb82
SHA512 cbc24bde07ec9d1372869ce697ba3fcc76a7be2b75122af1f283160551dfc2dd18f77bc24ed0fff37b49dc7c8b0ffd41001f238595bec0c4761a5f4a79ec5ff1

memory/4196-546-0x0000000000A80000-0x0000000000A96000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Keylogger.exe

MD5 b8607b7921cd9cba78058fcb56bcfb9d
SHA1 1344f12ff7e23122b62fcc7f3be548c73d3c3efd
SHA256 b2a992052d32a5b9d3702350b133289b45a8d209acd0161d9c3b0bc6fd702b3c
SHA512 dd36040e57f2744437684e257caac0987a90deac0a60536f1cb8d690e256505d427931a3beb8d58f87c2c1bf5beb0a40c4b09417c451a07e5856044efbac1449

memory/2324-549-0x0000000000280000-0x0000000000288000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

MD5 3b3a304c6fc7a3a1d9390d7cbff56634
SHA1 e8bd5244e6362968f5017680da33f1e90ae63dd7
SHA256 7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
SHA512 7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

memory/3836-553-0x00000244C73C0000-0x00000244C81F4000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Utils.v22.1.dll

MD5 07adc748684fd33a198f2dc6eea12666
SHA1 28f62a05673447a3a347aa6a01ae8cd518126956
SHA256 50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093
SHA512 893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab

memory/3836-555-0x00000244E3C70000-0x00000244E5074000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll

MD5 5c3017ec9073a7a4f3351440c3daaa8a
SHA1 ee1f73f8618439fc8a42f38b32760367bd5ce6b5
SHA256 e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33
SHA512 5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

memory/3836-557-0x00000244E2D80000-0x00000244E3292000-memory.dmp

memory/3836-559-0x00000244E2AC0000-0x00000244E2D12000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\cGeoIp.dll

MD5 6d6e172e7965d1250a4a6f8a0513aa9f
SHA1 b0fd4f64e837f48682874251c93258ee2cbcad2b
SHA256 d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
SHA512 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll

MD5 e59c802bbbc1ebc554f3f7b6a3259ee1
SHA1 fdb4fa99e15d6519f18f7afe972fb2b128c5caf4
SHA256 d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6
SHA512 34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

memory/3836-563-0x00000244E2980000-0x00000244E29D0000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Drawing.v22.1.dll

MD5 cb877cd3b77a37f8e279fe7dc6b4ba6a
SHA1 a03989c1144a57e9088daa40f829a49298135b03
SHA256 bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930
SHA512 8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b

memory/3836-561-0x00000244E33F0000-0x00000244E34C8000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraEditors.v22.1.dll

MD5 9a4fa4e33d64f44451fc4223a5616355
SHA1 124caceb4e82537403a4b5e9b21487c369b69559
SHA256 fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5
SHA512 869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9

memory/3836-565-0x00000244E67B0000-0x00000244E6F6E000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraBars.v22.1.dll

MD5 8f335dc88eb706a7b50f45a3fd308dee
SHA1 1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd
SHA256 3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac
SHA512 0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraGrid.v22.1.dll

MD5 8478f5aa3de612bd2cf5e9356688d0f3
SHA1 84103d2abee8976dcaac172bcb9e064dfd06a890
SHA256 ae22e7bebe5c4b59363c5980940c64608d1a35c6b5026e0e088605132187c8da
SHA512 d0f3cbf8144c733266e05b2513603f5b44bf6fa359bbff86c3d437e022ef1d6451ce7b3f335d116438346aeb3d93bc5a82a6a548a7b1795f72991112abe6750f

memory/3836-567-0x00000244E7610000-0x00000244E7CA2000-memory.dmp

memory/3836-569-0x00000244E6F70000-0x00000244E730C000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Printing.v22.1.Core.dll

MD5 9ec835a4e269f978eeefd7fd8bd5abb0
SHA1 e36a07167bd83d713703a84f3c2c2b8f86cd38f5
SHA256 e4d60cac9cacde3cab841854b4c5348df89a4e4027b62de09184a3ddbb81a5a0
SHA512 2a72b3615215b94d1b7fce3c9ff28042c4c02ec655e3fdc42008217979b65f39fff9cb75a35ac1426a78aa2f8c0c00354369cdb5b5df155efcde8651878de4d9

memory/3836-571-0x00000244E7CB0000-0x00000244E8134000-memory.dmp

memory/3836-572-0x00000244E2D40000-0x00000244E2D60000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraLayout.v22.1.dll

MD5 45d8d7bd5e30d8b5da44f6a60e331c87
SHA1 301d5dc4a8a1141234559df872ce219c1c7efccb
SHA256 e6e670bf76dc46e959f74b09d3c6e614b2121975456b00041e32bd7f5001253f
SHA512 23b303f287e0b77d221e8cd24cf2933d4976e9b61dfc9bd03c9f365d44988a0a7ce2e81366466dcdff981931099964ebc04293de2de039e0322eed9ac911291b

memory/3836-574-0x00000244E8140000-0x00000244E8352000-memory.dmp

memory/3836-577-0x00000244E5430000-0x00000244E54DA000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\VenomServer.p12

MD5 65efef16af8b2bb993e24ca1fdb3f3a7
SHA1 e205dcc888582eb51d0ee9690d37a7b75138f715
SHA256 c40f74c79715de4c5265dffd643d7bd5dda2caa09ca84e620bc78f7d27df51fc
SHA512 29581484c44849ccd0ad9bd2c9058fc56f3589019baf4b833a5fc8ceea0e488a357639c92cbaf977f74d5f2d59abb2b8ee7a607cdc67c6c14592b4bd9c3a5215

memory/3836-582-0x00000244E3B80000-0x00000244E3B8A000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\MessagePackLib.dll

MD5 06247396be54c6ebb06fd6ca84ee80cc
SHA1 51fb23ff498a47c0be900ae43a7030f98794eb59
SHA256 669e42b6c6e94dc2735f281aa5b33c0d398b91960158ec556e521974b3be5843
SHA512 03d93f22aaf1bc0dc4d26b130aa1cb1668c14b854ff84803c8b2cc74625cda44970dd5be1b17865986eabb6966a7d65c226282becfd7963b72b8035990ffc299

C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_a4cfvtw2otmocuepvp4svmr0d4p3se0d\6.0.3.1\user.config

MD5 3fb8d2a2cd510948957ef43af5de1a6a
SHA1 165c56b69c45db04546436b8cfcd21bf543fe1e3
SHA256 095a2b7ce003847ea27f3eb98eca1c5bf9098c194c137c550bed549fe8d46306
SHA512 ddf025953f0487612cab831866ce03285aa810a406d0a92d4491a2d26c7eaba2c4108c230309732a7ab6184c1578419164afe2fdc8e0179d8584bfbc7e75f1c6

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-423582142-4191893794-1888535462-1000\8d3cd47d18e98cbd02c8d59c530742de_d1198a5f-3a25-4db4-82c8-c6e12a3056f2

MD5 18765a7fb2c70b19f6c48cefc1119a83
SHA1 cb1f3d107d04192f0c1b324aa1bb500b060dbfc0
SHA256 391626bc35be401b258f099154061b9d067c50fbc9b7573c00fe01064291a960
SHA512 35bea148ceb4111b43cb7fbda7f111109084a0b68ab0b5674d9227926f3cc01451589b565b40335ef25a2df8f8d196f4a56b8b9e6c58a1d2751d5ad75b255db9

C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_a4cfvtw2otmocuepvp4svmr0d4p3se0d\6.0.3.1\user.config

MD5 007faf020877d868c86c346e15c0df36
SHA1 1f7372e656563289ff37e713699a86cdc32d9ffc
SHA256 f99d61dc6f1286a039e4eeb92ac1bc03a926e00d76fcaafe0f26a4380742d9d1
SHA512 4278804bcba3d364457cce6dde242d96e84a9ac91fcbcaf983f971250c3f9ebc2ac1368f00ce8cd0331319c4959482bda58a3421e673b2ffa5c3fd718487f92a

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Venom RAT + HVNC + Stealer + Grabber.exe.log

MD5 a3372cfb269acb087f4461690a2e7969
SHA1 5b97bb948a9803e3df9b24e1b1ab87c682796252
SHA256 d7ec8cf9cfa55fc0378c4f9904ebc3b002a0c9ee6d22809b853ef82b2860f9ec
SHA512 aa038a1107906785fa317ab85e520724c9f57c1c039f6dfae060ea022017dfa4e032541319a20ffa3bd35247e8746646d1cc59cdf84fec3f14bd63464756f724

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\dnlib.dll

MD5 5cc2bb48b5e8c8ac0b99669401d15456
SHA1 02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e
SHA256 648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea
SHA512 2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Stub\ClientAny.exe

MD5 958cfc3e7730a66a05d6b8a49ce13d63
SHA1 ebc55f86cccfead463fcc1e6a060a5012fb09907
SHA256 eedce349ce30bae2c269040ac02e0c1d2a979cd2743dc89dc8138e61b30f1798
SHA512 cd6c4f6229a5d97a9b335cbbaf16e4ceab2efde6dd6e17ea0e8645d12739bd2a7ab8e6a77887dd92894af17305df6aafd051c0bfdd8fe7965225f0d538d9fbc5

memory/3372-628-0x000001D853210000-0x000001D853334000-memory.dmp

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Plugins\donut.exe

MD5 77fdab910751ae4b3b437ed594ee1b4d
SHA1 04feabf0b665f3e4bc29950f7ffc291d9cc4a9d1
SHA256 ee0fbd09ef81052faa267adb297a644ab51e80245e66346f97e31834bae9814b
SHA512 6c5682df48028f0660e50d4e450cbd742f02668f46df2757920e0305ba4cb8cfa00221119a24f2916b4013b4569d7829ad8d5e4e98287c451410a87b4d883b2d

C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_a4cfvtw2otmocuepvp4svmr0d4p3se0d\6.0.3.1\gnaqjmnc.newcfg

MD5 9cac6b565eb4645fe57fbcbe91422e1a
SHA1 6e6b83f97c58b78318c99776d4c373fef34db6f1
SHA256 97ee420b85b9c9b007d17e7b83514ab16c08f43b1f3c5eb6f717f2da6478e68e
SHA512 07e354ebb23930640954537d3ad50ee597a30755f33a327d450eeb713aeb4a2f64ffeb30417b421a562fa804493ccd443729a29e6ee5346eb7f2a8b8cf102803

C:\Users\Admin\Desktop\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.WinRTPresenter.Launcher.exe

MD5 de4449ac523ac31f66efe7f090360f71
SHA1 de7fcb8c16c7cab8255b8e31781efb0ffc45acce
SHA256 76a868948e5b4df73f5dab5606135f6bf10b598bdaa991737224edcb8fdd58db
SHA512 d43021c5878f08c38264e1882313959aa51b8dabf6649a64f476f3e7c0ba7fdaaac0f3edaa6fb3ea2e56889a5e78791236c1dfe8dbcd9218d7eab30a9ee4a56c

C:\Users\Admin\AppData\Local\Server\Venom_RAT_+_HVNC_+_Steale_Url_a4cfvtw2otmocuepvp4svmr0d4p3se0d\6.0.3.1\vra5d0yg.newcfg

MD5 6ca1ddd18b2a3d9c33f35d1d790db680
SHA1 a3c201ef2405b47c6d0fe5fb6897d525684ece37
SHA256 52e50fc2eeaf46235e4242454cb8166245afcb31aac8b52d4fe3a53d698afde4
SHA512 c34546fefa87480d035f1b1fb8eb1d41814c7c1b7e255b055bc47f172e95a17f77ecf2aa1868374a386c2b1efffbd3000be77fa7d243d987731e8e54215f6ca6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240508-en

Max time kernel

441s

Max time network

1167s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\BouncyCastle.Crypto.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\BouncyCastle.Crypto.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240611-en

Max time kernel

1479s

Max time network

1497s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Charts.v22.2.Core.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Charts.v22.2.Core.dll",#1

Network

Country Destination Domain Proto
US 52.111.227.13:443 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240419-en

Max time kernel

451s

Max time network

1178s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240611-en

Max time kernel

1782s

Max time network

1806s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe"

Signatures

AsyncRat

rat asyncrat

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe

"C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Client.exe"

Network

Country Destination Domain Proto
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
FI 95.216.52.21:7575 tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp
FI 95.216.52.21:7575 tcp

Files

memory/1372-0-0x00007FFFAD0A3000-0x00007FFFAD0A5000-memory.dmp

memory/1372-1-0x0000000000260000-0x0000000000276000-memory.dmp

memory/1372-2-0x00007FFFAD0A0000-0x00007FFFADB62000-memory.dmp

memory/1372-3-0x00007FFFAD0A0000-0x00007FFFADB62000-memory.dmp

memory/1372-4-0x00007FFFAD0A3000-0x00007FFFAD0A5000-memory.dmp

memory/1372-5-0x00007FFFAD0A0000-0x00007FFFADB62000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240611-en

Max time kernel

1480s

Max time network

1498s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.CodeParser.v22.2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.CodeParser.v22.2.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240611-en

Max time kernel

1480s

Max time network

1500s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll",#1

Network

Country Destination Domain Proto
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240611-en

Max time kernel

1485s

Max time network

1510s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.2.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240508-en

Max time kernel

1733s

Max time network

1751s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.2.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-29 00:45

Reported

2024-06-29 01:17

Platform

win11-20240611-en

Max time kernel

1475s

Max time network

1496s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.DataAccess.v22.2.UI.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.DataAccess.v22.2.UI.dll",#1

Network

Country Destination Domain Proto
NL 52.111.243.30:443 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A