General
-
Target
Venom.exe
-
Size
7.5MB
-
Sample
241113-wrkcgawhnf
-
MD5
5e9db4f5401cb38f434fbce2ab2f03f3
-
SHA1
7f55dd93461d1aa423c280a24f28b136d7b40941
-
SHA256
43b40024e938294ba67eb053973f01a1e6c3b0d9365c5fa7da54e89e74824414
-
SHA512
20420561b4789fb2fa852347cec718ebe65c8f82e0c8538e9cbc05d1d41d7d2c4ad16fa1572aa6af14d9e4c7e3146e49dc1bdfadd81be69b644233ff75b53a4f
-
SSDEEP
196608:vBunqZ6wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oST:kuIH2XgHq+jq93YoS
Malware Config
Targets
-
-
Target
Venom.exe
-
Size
7.5MB
-
MD5
5e9db4f5401cb38f434fbce2ab2f03f3
-
SHA1
7f55dd93461d1aa423c280a24f28b136d7b40941
-
SHA256
43b40024e938294ba67eb053973f01a1e6c3b0d9365c5fa7da54e89e74824414
-
SHA512
20420561b4789fb2fa852347cec718ebe65c8f82e0c8538e9cbc05d1d41d7d2c4ad16fa1572aa6af14d9e4c7e3146e49dc1bdfadd81be69b644233ff75b53a4f
-
SSDEEP
196608:vBunqZ6wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oST:kuIH2XgHq+jq93YoS
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3