Overview

overview

10

Static

static

10

VenomRAT_v6.0.3.rar

windows11-21h2-x64

7

VenomRAT_v...to.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v....1.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v....1.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v...UI.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v....1.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v....1.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v....2.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v...ng.dll

windows11-21h2-x64

1

VenomRAT_v...re.dll

windows11-21h2-x64

1

VenomRAT_v...ng.dll

windows11-21h2-x64

1

VenomRAT_v...xe.xml

windows11-21h2-x64

1

VenomRAT_v...ll.xml

windows11-21h2-x64

1

VenomRAT_v...ion.db

windows11-21h2-x64

3

VenomRAT_v...es.vbs

windows11-21h2-x64

1

VenomRAT_v...xe.xml

windows11-21h2-x64

1

VenomRAT_v...er.p12

windows11-21h2-x64

5

VenomRAT_v...ffline

windows11-21h2-x64

1

VenomRAT_v...online

windows11-21h2-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10-12-2024 22:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT_v6.0.3/VenomServer.p12

  • Size

    1KB

  • MD5

    65efef16af8b2bb993e24ca1fdb3f3a7

  • SHA1

    e205dcc888582eb51d0ee9690d37a7b75138f715

  • SHA256

    c40f74c79715de4c5265dffd643d7bd5dda2caa09ca84e620bc78f7d27df51fc

  • SHA512

    29581484c44849ccd0ad9bd2c9058fc56f3589019baf4b833a5fc8ceea0e488a357639c92cbaf977f74d5f2d59abb2b8ee7a607cdc67c6c14592b4bd9c3a5215

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenPFX C:\Users\Admin\AppData\Local\Temp\VenomRAT_v6.0.3\VenomServer.p12
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4108
    • C:\Windows\System32\mmc.exe
      "C:\Windows\System32\mmc.exe" C:\Windows\system32\certmgr.msc /certmgr:FileName="C:\Users\Admin\AppData\Local\Temp\VenomRAT_v6.0.3\VenomServer.p12"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads