General

  • Target

    Venom-Crypter-main.zip

  • Size

    13.1MB

  • Sample

    250302-qetsgsvxfw

  • MD5

    d0f68c2237bacda223cbc9d1c2c5977f

  • SHA1

    382d10e136735e6a40211fc961a159ef3d0b6cb6

  • SHA256

    426450fec2f43cf6a6627f69382625d6b6660483ebf861eb9482aab12c38ea2f

  • SHA512

    2a254eadc4c8887b56a0606294cc97ec23d1db2746eb4112d3854961b33818e461ffb3f0cea3d7129de81ce7e064121c69b4f435bfb3af5bbd051a142a66360f

  • SSDEEP

    393216:VNNTdtFBX7LzFWkt82Ezp37EaHJz7y+bVzmb6nx:lJnBX7JEz57rpa+bVCmx

Malware Config

Extracted

Family

xworm

Version

3.0

C2

3skr.uncofig.com:9999

Mutex

wRjQMjeNtaZnUCMU

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7942324376:AAFz5Z-GdKIj1CePZyqIUmvNWOymMRw8Lmk/sendMessage?chat_id=2078478344

aes.plain

Extracted

Family

xworm

Version

3.1

C2

24.ip.gl.ply.gg:27322

Mutex

zrtVrQsPKMWPaU1b

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7942324376:AAFz5Z-GdKIj1CePZyqIUmvNWOymMRw8Lmk/sendMessage?chat_id=2078478344

aes.plain

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7942324376:AAFz5Z-GdKIj1CePZyqIUmvNWOymMRw8Lmk/sendMessage?chat_id=2078478344

Targets

    • Target

      Venom-Crypter-main.zip

    • Size

      13.1MB

    • MD5

      d0f68c2237bacda223cbc9d1c2c5977f

    • SHA1

      382d10e136735e6a40211fc961a159ef3d0b6cb6

    • SHA256

      426450fec2f43cf6a6627f69382625d6b6660483ebf861eb9482aab12c38ea2f

    • SHA512

      2a254eadc4c8887b56a0606294cc97ec23d1db2746eb4112d3854961b33818e461ffb3f0cea3d7129de81ce7e064121c69b4f435bfb3af5bbd051a142a66360f

    • SSDEEP

      393216:VNNTdtFBX7LzFWkt82Ezp37EaHJz7y+bVzmb6nx:lJnBX7JEz57rpa+bVCmx

    Score
    1/10
    • Target

      Venom-Crypter-main/Core/dnlib.dll

    • Size

      1.1MB

    • MD5

      5cc2bb48b5e8c8ac0b99669401d15456

    • SHA1

      02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e

    • SHA256

      648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea

    • SHA512

      2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420

    • SSDEEP

      24576:/bN7xZgKVl/N12pljD7DM2l8xs5A/zYv7flNcK:DyJXn3ML7G

    Score
    1/10
    • Target

      Venom-Crypter-main/Core/dotnetreactor.exe

    • Size

      14.3MB

    • MD5

      44b10b3b38df861e83d7fe0c06414bcd

    • SHA1

      fc94d4422602455e01442855c8f35164ef97412d

    • SHA256

      0133f4878d4441dad5c153b83b2cb70b510ff089814820cbfb4e88df31564c8e

    • SHA512

      00ee844a109cc603c1308b13d4c64a71b076fec41d60f47952f333f1db3c03c389b159c0b13a39f5a4ceefdd1a5212d01c8e5e55db4bdbb8e860788087db4288

    • SSDEEP

      196608:fk0F23nFoQ5RPoE72XoQZpChJwa/ThljpYvAksm8jb5HcT6Z:dQ3nFJQE74kpThbpM8JB

    Score
    7/10
    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Target

      Venom-Crypter-main/Core/venom_crypter.exe

    • Size

      107KB

    • MD5

      473b0559e3be87128dbf66e483150fbb

    • SHA1

      3a710cf2366837dcdbf4ad2831044f1c594c2106

    • SHA256

      a75977968a6ca4af41552ed47c4315c1782b12223f7001f8ae5c8547781724e0

    • SHA512

      8e0bc5be8211504c37fc827262f8c76b6ef2811e20cbad3be3bbcdda705985e505fe6cb9255b079a0eddabe233f32a3932ec796665de8b54458e3c9730d322b6

    • SSDEEP

      3072:bdZLLyEmnB0lc3fy000NMCUkpH2fydk0AK8QFAD1DEAPIu+bpcdjM0:ZZLLyEmnB0lcvy000NMv6H2fydIKxADm

    Score
    1/10
    • Target

      Venom-Crypter-main/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      c05cf8543a06cf77ba8e3d03c1b39870

    • SHA1

      40d53bcdc940fafccf02404866d9d917c0a84696

    • SHA256

      f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126

    • SHA512

      07b959fab63ccf77072b70ae89f1ccc047fa4ba00fedff8503688125d9a2ca284811d4fb5c9125ff0468dd077ad2aae719b3b22067156f5c8a806f16890b9145

    • SSDEEP

      49152:w34QXpXwn9cQPHvrkYsIJLBOrOcNTMzFon:wIQgcT

    Score
    1/10
    • Target

      Venom-Crypter-main/README.md

    • Size

      797B

    • MD5

      afb2eaa0686ebc34b892453b4b20cb8b

    • SHA1

      33cd074b2e48e550ee8f2a71b856caddf68663bb

    • SHA256

      0efc3d0dd05465b5158c8f998f17a55615a49e4cbca9bde758decb73a3bed972

    • SHA512

      73be120c44a03341373fe01fc99452744906afa1c4c72b8520ac91ab14b563f4c70b28adef3402e6350145cee6c0b2544c0b25280f3a4b191c29042a57c63185

    Score
    3/10
    • Target

      Venom-Crypter-main/SimpleObfuscator.dll

    • Size

      1.4MB

    • MD5

      9043d712208178c33ba8e942834ce457

    • SHA1

      e0fa5c730bf127a33348f5d2a5673260ae3719d1

    • SHA256

      b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

    • SHA512

      dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

    • SSDEEP

      24576:FDy7cKOfkiRrXP5WtJvW1mpjSWr7uoZme1V86:+8/AtJes1LJ

    Score
    1/10
    • Target

      Venom-Crypter-main/VenomCrypter.exe

    • Size

      995KB

    • MD5

      b8f9138bd9a2c93a1b7ada47586c8202

    • SHA1

      998850da4b2c4f5152d637222613b114338e6ba4

    • SHA256

      54fc1ddf8dd8880f29ec3335d602de20f0b9ecafb9cd3dc9dc090ab6a1540535

    • SHA512

      54b99cb1a821dab4a2c79560a13f637db1cae5658d2293e28c7449930052bcc35d4e92ad30a6d720224fcccf78c70aaace5c502bb8ba39e3fc7f607c2197a590

    • SSDEEP

      24576:A6QogdyF69wA1s33ryeg5b0O9Xld7T7lY7NSe3TwHur8pOfVnnbeC13Uv8r:A5zdyF69mrU5nJ7lY7EaUHvYz

    • Detect Xworm Payload

    • Gurcu family

    • Gurcu, WhiteSnake

      Gurcu aka WhiteSnake is a malware stealer written in C#.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks for VirtualBox Guest Additions in registry

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks