General

  • Target

    venuspanel v2.4.zip

  • Size

    103.0MB

  • Sample

    240828-n113ksyfnk

  • MD5

    bbec4cbfa49c4a6def5708420e71029b

  • SHA1

    3b4ae20902971e08a9bb7e1ae5f59c13aced1844

  • SHA256

    f69a5e869d6f4fd848f9df36d3ba0055eb22b5c28b4e7b87b25601472c0704ba

  • SHA512

    9c3a607ecfc41420877989e1cf24641343fcc7567f41785003c992ac3cc5cae331c1f75fa664d3df1fe361033e068ea7e82c826dc9e2a30df53bb1bc9c7ee97f

  • SSDEEP

    3145728:q/puiSegKsZKpjLjtpkK77Pfn4n9UOyZ8lgVvNgO:uNRgBI5pJPv8lyZ8ij

Malware Config

Targets

    • Target

      VenusPanel+.bat

    • Size

      1KB

    • MD5

      8ab1d5a2170bb858b049aa05e97b8090

    • SHA1

      30d64cd4a886be326cfb1105bc53f7be5171313b

    • SHA256

      3bfca5a1d10435ae962bff49feff0881250bff2db714ec40fc523968ac2621cf

    • SHA512

      5acf32b9d1596bd3128d8c97ba6d355e38e57020f87ddb9ea5deaf8751b150c6500e85ef703550f1123ea7914abfd755ad9be7a920b800c9977bdd2ff39ff038

    • Score

      1/10

    • Target

      venus.exe

    • Size

      103.7MB

    • MD5

      5162dcc21c9799cd6f69a7fba17b21b6

    • SHA1

      ae0e92a7f5aff86cf1cb18c2e272b365cecc0a45

    • SHA256

      0ff9ab22b8115ba20885aca09eb5df210fa2b2ca29c1d9da2bfb52b6a2a7eac8

    • SHA512

      090adf19cb9bf0ae19bf76ba4ab1b3d4e4df30ec97ce2323b9579aa1391b9458ca4faf98f0e8a1effd15bf2394c5a7b2f611257af866de46a0548044d1dff6b4

    • SSDEEP

      3145728:jPgOb8S6xjKcBa6c2qHO5iVIinGQbRe0zJcB8a6qrbZo:jbgSWNa6sHCip1XcB8a6q

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks