General

  • Target

    Dangerous RAT Cracked By Unknown Venom.exe

  • Size

    7.6MB

  • MD5

    20c6a93ae8df28bc23b3576dd9d3e6ff

  • SHA1

    67e40c10e4508e14cbaea402a2b17ce48546279e

  • SHA256

    3e0cd4e2e2dee5a875a36b42701280dd45d46343d062c521ab0fbc5cb3b4b4e1

  • SHA512

    1a219fea8ab036e4108d6ac0d0aff72eb7ec2224578f1fc235b9feff387674c32a36d4deb3098df71a29f0d7b0247856423b5d2c9207e384ade6f83421e863f1

  • SSDEEP

    196608:G8enx428Z4hf4jck6akTXwdn4tFNE56TKY1OcL2zNfP93mF:G8e+2oEf4jcceX841EwTKYAcUNfP9WF

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender (1 IoC)

    A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first sight, etc.

  • Detect Neshta payload (1 IoC)
  • Neshta family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • AutoIT Executable (1 IoC)

    AutoIT scripts compiled to PE executables.

  • Unsigned PE (6 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (4 IoCs)

Files

  • Dangerous RAT Cracked By Unknown Venom.exe
    .exe windows:4 windows x86 arch:x86

    29b61e5a552b3a9bc00953de1c93be41

  • Dangerous RAT 2020 Cracked by Unknown Venom.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • meroclick website.exe
    .exe windows:4 windows x86 arch:x86

    29b61e5a552b3a9bc00953de1c93be41

  • browser.exe
    .exe windows:5 windows x86 arch:x86

  • out.upx
    .exe windows:5 windows x86 arch:x86

  • microsoft update.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • script.vbs
    .vbs