General
Target: VenomClient.rar
Size: 183KB
Sample: 241223-xtklpaxrew
MD5: cbc77b0e97fa86a07b627217f6f3a3bb
SHA1: f8f7ee3e9e49d374ccb553fc152769aa32d3b6ba
SHA256: 1c06c3a8b59c5fbe1ffa91f8bc75191fffc8e0f0281ee4ca7899e20e3b6abfb6
SHA512: cbe823df5f13e8ed31708f36af382bc66192e7fe8c487163e226ce024ecdca3029d35570a0cc67c10a8b2cfcf4c12b1ce90a278fe30d3ef1620e96406fe9565a
SSDEEP: 3072:jiNcrhOQ5iPkI6jIaVZBjBONAzXhtIz0h3tBbctY4Pm94HS6cNS6q9qEoWjE:nrhOQgPkI6TVDj0NAJd+67OHS6c03qVx
Behavioral tasks
behavioral1: Venom Client/Venom.exe (resource: win7-20240903-en)
behavioral2: Venom Client/Venom.exe (resource: win10v2004-20241007-en)
behavioral3: Venom Client/freeglut.dll (resource: win7-20240729-en)
behavioral4: Venom Client/freeglut.dll (resource: win10v2004-20241007-en)
behavioral5: Venom Client/venomsba.dll (resource: win7-20240903-en)
behavioral6: Venom Client/venomsba.dll (resource: win10v2004-20241007-en)
Malware Config
Extracted family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
Mutex: wgzvrzpksxgiaglrvq
c2_url_file: https://paste.ee/r/Wp7LQ/0
delay: 1
install: true
install_file: System.exe
install_folder: %AppData%
Targets

Target: Venom Client/Venom.exe
Size: 74KB
MD5: c745590f5b7590f217bb204d27e91a00
SHA1: 9d60ffc369b1fbdae8549b859729f47477658ddd
SHA256: dfb98932671339fb633c74180dba3810d9382e56618d75b3f67ae2ba3206aa1d
SHA512: 5c6082eb180abeceda71ac259f9fef4bd90b47e3d2adf05280f7e0a3e3b6bed1508a0e09d6f5bcbcc7bfa868b0fc2fd9ff00dab7121baa778e575eed32dddaf3
SSDEEP: 1536:ZUNwcxbUTCrmPMVIEh3kLuaIsH1bTc6yOQzc2LVclN:ZUicxbgwmPMVffAH1bTVQPBY
Signatures:
- Asyncrat family
- Venomrat family
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

Target: Venom Client/freeglut.dll
Size: 239KB
MD5: 8fc8ac1ca784ea5cd3e22a1237f577d7
SHA1: 876d0a02f40d61e1549148bf4a9b94f5c57b8d91
SHA256: c4e38871e266cafc2fd5b27e898aeba1b5beeb3f872dd0022266c7cf8273ce3f
SHA512: 86ee2454ebed55929aecdd05ba0af9b1097dd1c715c024cab6e390c4d20844ef3dbdf8bbe63f6eb808914d572037baba3fbd5474ece5c6be8601545044f3b698
SSDEEP: 3072:GxDR8PHEIeiMhUVuCW6zGcD20ZRGKhnR5ePR6W:yW37MhUly0zRgP8
Score: 1/10

Target: Venom Client/venomsba.dll
Size: 158KB
MD5: 51c3d268363828433f676cf8736dd980
SHA1: ea01f0407772e66c9e15f257da7e9aa5d27709d8
SHA256: 6eadfc38c75bc9ae115937ac11551b1008d8705e44d9e07782d01457cfa3ed7e
SHA512: 18dc66f09faf3b2c9d3138ff147d1692beab6f8a2c8f18c17b0fbac32f4b18aa5aab1ed778c550e80e2fcfca471f054b353d4f6f255de7cc972929f272e02f0a
SSDEEP: 3072:y7cuMD9n6VxU43BpgZnJ41SqyZUy1QF7TjZ:y7cP6VxTRG1q1PrZ
Score: 1/10