ec71ea6cde9185036500ecac3288719ef51869973b2f78d9c00dbc037d632025 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Venomware.exe
Size

291KB
Sample

240808-q7bglsthqn
MD5

d28d5caa7c1035110471b76346775f06
SHA1

0e94a75f4eb1d9402252f252a4812ed909378e5f
SHA256

ec71ea6cde9185036500ecac3288719ef51869973b2f78d9c00dbc037d632025
SHA512

99d198fb755159e657234d70f3a6f543ed9d562802b99a1e2609e12cb6006dfe9fbdc0701d2efcd61662b5dcdb58eb26cef128159bb17c8388a06f63e7ea3544
SSDEEP

6144:O0OaVh587gEJ/CmJjVDM7OohDU8iAhpZo8/xGqBhM3ne5fFMU:O0jApKmlqRD3iAhWr3ne5fl

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Venomware.exe
- Size
  
  291KB
- MD5
  
  d28d5caa7c1035110471b76346775f06
- SHA1
  
  0e94a75f4eb1d9402252f252a4812ed909378e5f
- SHA256
  
  ec71ea6cde9185036500ecac3288719ef51869973b2f78d9c00dbc037d632025
- SHA512
  
  99d198fb755159e657234d70f3a6f543ed9d562802b99a1e2609e12cb6006dfe9fbdc0701d2efcd61662b5dcdb58eb26cef128159bb17c8388a06f63e7ea3544
- SSDEEP
  
  6144:O0OaVh587gEJ/CmJjVDM7OohDU8iAhpZo8/xGqBhM3ne5fFMU:O0jApKmlqRD3iAhWr3ne5fl
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2