General

  • Target

    Venom.exe

  • Size

    7.5MB

  • Sample

    241113-wp9jksznbk

  • MD5

    5e9db4f5401cb38f434fbce2ab2f03f3

  • SHA1

    7f55dd93461d1aa423c280a24f28b136d7b40941

  • SHA256

    43b40024e938294ba67eb053973f01a1e6c3b0d9365c5fa7da54e89e74824414

  • SHA512

    20420561b4789fb2fa852347cec718ebe65c8f82e0c8538e9cbc05d1d41d7d2c4ad16fa1572aa6af14d9e4c7e3146e49dc1bdfadd81be69b644233ff75b53a4f

  • SSDEEP

    196608:vBunqZ6wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oST:kuIH2XgHq+jq93YoS

Malware Config

Targets

    • Target

      Venom.exe

    • Size

      7.5MB

    • MD5

      5e9db4f5401cb38f434fbce2ab2f03f3

    • SHA1

      7f55dd93461d1aa423c280a24f28b136d7b40941

    • SHA256

      43b40024e938294ba67eb053973f01a1e6c3b0d9365c5fa7da54e89e74824414

    • SHA512

      20420561b4789fb2fa852347cec718ebe65c8f82e0c8538e9cbc05d1d41d7d2c4ad16fa1572aa6af14d9e4c7e3146e49dc1bdfadd81be69b644233ff75b53a4f

    • SSDEEP

      196608:vBunqZ6wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oST:kuIH2XgHq+jq93YoS

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks