MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VenomRAT


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8
SHA3-384 hash: cb598c322b66b1a27a9035716cd4ccd9b7380d378d7f8117c61bfd5585cbf88d6f890a07792d599f55acd2846e642988
SHA1 hash: 4fb15b7a99c551b7b79a4753a90de5f067f428d2
MD5 hash: 70087277fa67c53783f5cbe4022bd2d1
humanhash: paris-quiet-december-neptune
File name:SecuriteInfo.com.Win32.TrojanX-gen.5720.17649
Download: download sample
Signature VenomRAT
Create hunting rule
File size:195'600 bytes
First seen:2023-12-14 08:29:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 254bf9fcc84ded02825aa4beb3f4a02f (2 x VenomRAT)
ssdeep 3072:+rEv9lomY7Z5dcKXefLNjLt2eo8j6ERhnGxMBoGlY5TQEIj4pkv7gEyR76t1t:lv8p5dDef9tlPjHRR8MDlwpkvl476t
Threatray 46 similar samples on MalwareBazaar
TLSH T1DB147B11B5808432D963157206F4CBB55E7EBE700FA65ACFA3D40B7E4F302D2A735A6A
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe signed VenomRAT

Code Signing Certificate

Organisation:MEDIATEK INC.
Issuer:VeriSign Class 3 Code Signing 2010 CA
Algorithm:sha1WithRSAEncryption
Valid from:2014-05-26T00:00:00Z
Valid to:2017-06-24T23:59:59Z
Serial number: 56f008e69a7c4c3feb389c66eaf58259
Intelligence: 16 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 322be21fe24713b9a5455f96f109c0621bea49279f498619759c48a1185ddee2
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
308
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467436/
Detection(s):
SecuriteInfo.com.Win32.TrojanX-gen.5720.17649.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Sending a custom TCP request
Creating a window
Using the Windows Management Instrumentation requests
Setting a global event handler for the keyboard
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control lolbin overlay packed
Link:
https://www.filescan.io/uploads/657abd10bb9490c89cce22e4/reports/0fe88bb6-6f44-4d8d-bf9f-c6953feb2db3/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ModernLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1c4ea15b-ac45-4f90-b245-484946626418
Result
Threat name:
DcRat
Create hunting rule
Detection:
malicious
Classification:
evad.troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1362032
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Yara detected DcRat
Behaviour
Behavior Graph:
Download SVG
Score:
61%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8/
Threat name:
Win32.Trojan.Venomrat
Create hunting rule
Status:
Malicious
First seen:
2023-12-14 08:01:44 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
13 of 23 (56.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=etbsh6n6fv2hnsjdhy22cdopgxky4jnzk3p57ik6jexnxmbbko4a._file
Verdict:
malicious
Similar samples:
132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
VenomRAT
29c9a0e4b65f23b580746c3643780284e9dfa65c419a3fed16a7f4fa55832882
VenomRAT
3a679cb98f88d7d6bd84dcfe9717238c08c05942055bdb798103224e7f2f2ca9
VenomRAT
565f27efbfaabc879f74e800abdb63f4ad46d49b654927a551a8a6cd17be5ac1
VenomRAT
60416198c9b2105c9204638fd00e154e2f5c32ba45f5a8ae2671bae565c062e9
VenomRAT
bba9f40b22002ac5336810d1044d24ed0294038899eb86b10caa180fbd76855e
VenomRAT
ce438c103a40dbd12f48547c2d8604c947232376f87eadd1a2da3b7bfac28d02
VenomRAT
d0fef87fd7e5a7214773deef4c445970147c88d5335867b552f9d4d22ef0231b
VenomRAT
d35d61849f839f688f10bcffc545e7a008fa248b71bdc8af3b0fdd2023670690
VenomRAT
+ 36 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default discovery rat
Link:
https://tria.ge/reports/231214-kd5wgaceal/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks installed software on the system
Async RAT payload
AsyncRat
Malware Config
C2 Extraction:
38.181.25.204:5858
Unpacked files
SH256 hash:
24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8
MD5 hash:
70087277fa67c53783f5cbe4022bd2d1
SHA1 hash:
4fb15b7a99c551b7b79a4753a90de5f067f428d2
Detections:
INDICATOR_KB_CERT_56f008e69a7c4c3feb389c66eaf58259
Create hunting rule
Link:
https://www.unpac.me/results/a4a8b085-5c12-46ef-a05c-4de801964ecb/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/24c323f9be2d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

VenomRAT

Executable exe 24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/467436/
  
URLhaus
https://urlhaus.abuse.ch/url/2740345/
  
Delivery method
Distributed via web download

Comments