Malware Analysis Report

2024-11-13 19:52

Sample ID 241107-y3475a1jhl
Target VenomRATHVNCStealerGrabber.exe
SHA256 2761f7bd15a3e4ce953dd3ceed0863751a0890fe99b58e0452fc0bd9b9fd24b0
Tags
venomrat discovery rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2761f7bd15a3e4ce953dd3ceed0863751a0890fe99b58e0452fc0bd9b9fd24b0

Threat Level: Known bad

The file VenomRATHVNCStealerGrabber.exe was found to be: Known bad.

Malicious Activity Summary

venomrat discovery rat

VenomRAT

Venomrat family

.NET Reactor protector

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 20:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 20:19

Reported

2024-11-07 20:22

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe"

Signatures

VenomRAT

rat
Description Indicator Process Target
N/A N/A N/A N/A

Venomrat family

venomrat

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe

"C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe"

Network

Country Destination Domain Proto

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 20:19

Reported

2024-11-07 20:22

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe"

Signatures

VenomRAT

rat
Description Indicator Process Target
N/A N/A N/A N/A

Venomrat family

venomrat

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe

"C:\Users\Admin\AppData\Local\Temp\VenomRATHVNCStealerGrabber.exe"

Network

N/A

Files