venomrat | d87bc6b532f94b6023c55bb38f96f0472857bb7742db4199704386bf8f533fb9 | Triage

Submit
Reports

Overview

overview

Static

static

3

setup.exe

windows7-x64

setup.exe

windows10-2004-x64

Sharing

General

Target

setup.exe
Size

146KB
Sample

241118-vw8eessakk
MD5

15ac5ad1c4c1a483da074a5fad3f4b0c
SHA1

144d87b60d42a0b5d527b3cab8cd7ad60d3c468c
SHA256

d87bc6b532f94b6023c55bb38f96f0472857bb7742db4199704386bf8f533fb9
SHA512

4dacb7551ccc17cb552ad12a0308f2d0c6ff3a27e5a079767b094db7daf54dbf2886273f7da6cd84d73d33a861aae8f1b35d0f52b3ee1db0913854181411a4de
SSDEEP

3072:4ESJuC4+3BrDDl8DC+1iJLU0YFzkEDN3BtGc/aFRsO8Jw:+uCBRrDZN+1i2xCmRwc/a7j

Score

10^/10

venomrat evasion rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-20240903-en

venomrat evasion rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v2004-20241007-en

venomrat evasion rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  146KB
- MD5
  
  15ac5ad1c4c1a483da074a5fad3f4b0c
- SHA1
  
  144d87b60d42a0b5d527b3cab8cd7ad60d3c468c
- SHA256
  
  d87bc6b532f94b6023c55bb38f96f0472857bb7742db4199704386bf8f533fb9
- SHA512
  
  4dacb7551ccc17cb552ad12a0308f2d0c6ff3a27e5a079767b094db7daf54dbf2886273f7da6cd84d73d33a861aae8f1b35d0f52b3ee1db0913854181411a4de
- SSDEEP
  
  3072:4ESJuC4+3BrDDl8DC+1iJLU0YFzkEDN3BtGc/aFRsO8Jw:+uCBRrDZN+1i2xCmRwc/a7j
Score

10^/10

venomrat evasion rat
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

venomratevasionrat

behavioral2

venomratevasionrat

© 2018-2024

Terms | Privacy