MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VENON


Vendor detections: 14


Intelligence 14 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72
SHA3-384 hash: ca91dd8a45b58f8ff2a2c05d1840600655cc569aae521a0583bafc31a5c7e048167a45f0a0e94c93eed85ecf7e4532bb
SHA1 hash: 347070651da094d6e3cf53464b37478700a77fbe
MD5 hash: 427ccfa456ed27a819aa152708212ff4
humanhash: hotel-beer-robin-charlie
File name:libcef.dll
Download: download sample
Signature VENON
Create hunting rule
File size:4'704'256 bytes
First seen:2026-03-17 06:26:14 UTC
Last seen:2026-03-17 07:33:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4936e85ab101212909cfd35492a0d277 (1 x VENON)
ssdeep 98304:sn/59P6qZrKBC3YzFc0xmerkfWcoq77FvcNKwOdYc5ot7iS5qikgfvGlVyCHPk:U59SMr99Wecov5or5Xults
TLSH T1ED26333E0107E5E9D29076387F6DF9FA489A347329E739305DA2CADA83369D2C512707
TrID 70.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
5.2% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter Anonymous
Tags:exe Rust UPX VENON
File size (compressed) :4'704'256 bytes
File size (de-compressed) :9'739'776 bytes
Format:win64/pe
Unpacked file: 00dbe21b176bef396455459d7e8da3365397a47c9c54b4422a30f8dae7cb578b

Intelligence

File Origin
# of uploads :
2
# of downloads :
136
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
PEPacker
Details
PEPacker
a UPX version number and an unpacked binary
Link:
https://research.acce.ciphertechsolutions.com/results/924a8af8-b7e4-4db5-8b47-f9548ce7ae24/
Malware family:
n/a
ID:
1
File name:
DocumentReclamaAQUI_56b2ca9811.cmd
Verdict:
Malicious activity
Analysis date:
2026-03-04 18:11:18 UTC
Tags:
arch-exec evasion
Link:
https://app.any.run/tasks/5848d2a8-d054-4116-bdac-a32b24fb67f5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57702/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.58784893.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a85dec002d37d5c983ac99
Tags:
virus
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching a process
DNS request
Connection attempt
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a file in the %AppData% directory
Adding an access-denied ACE
Sending an HTTP GET request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto keylogger masquerade microsoft_visual_cc overlay packed packed packed unsafe upx
Link:
https://www.filescan.io/uploads/69b8f4454ec2f522cc4c14a6/reports/a1f78432-aeb9-4334-abfc-86f8dafc21eb/overview
Verdict:
Malicious
Labled as:
Win64/Agent.AZD trojan
Link:
https://www.hybrid-analysis.com/sample/c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72
Verdict:
Malicious
File Type:
dll x64
Link:
https://opentip.kaspersky.com/c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4cab5074-3e21-4f0f-9bf6-0ffead502993
Score:
51%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/427ccfa456ed27a819aa152708212ff4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72/
Verdict:
Malicious
Threat:
Family.SCARFACE
Link:
https://tip.neiki.dev/file/c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72
Threat name:
Win64.Trojan.DllHijack
Create hunting rule
Status:
Malicious
First seen:
2026-03-04 15:43:12 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
20 of 36 (55.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ysbcq2t7363e2memdf5e32v425z3rnrntz2nduepz7ick2gxlvza._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion execution persistence upx
Link:
https://tria.ge/reports/260317-g7wm4sd15m/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Command and Scripting Interpreter: PowerShell
Drops file in Windows directory
Hide Artifacts: Ignore Process Interrupts
Suspicious use of NtSetInformationThreadHideFromDebugger
UPX packed file
Looks up external IP address via web service
Unpacked files
SH256 hash:
c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72
MD5 hash:
427ccfa456ed27a819aa152708212ff4
SHA1 hash:
347070651da094d6e3cf53464b37478700a77fbe
Link:
https://www.unpac.me/results/46d9ab7d-48a0-48a8-bedc-e28b941441c8/
SH256 hash:
00dbe21b176bef396455459d7e8da3365397a47c9c54b4422a30f8dae7cb578b
MD5 hash:
c184e7d830635daf624e5c1f5ff0dca0
SHA1 hash:
a4ec915661a958d579c5ad194d079fef215c3133
Detections:
cn_utf8_windows_terminal
Create hunting rule
Link:
https://www.unpac.me/results/46d9ab7d-48a0-48a8-bedc-e28b941441c8/
Parent samples :
00dbe21b176bef396455459d7e8da3365397a47c9c54b4422a30f8dae7cb578b
c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/
Rule name:upx_largefile
Create hunting rule
Author:k3nr9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

VENON

Executable exe c482286a7fdfb64d308c197a4deabcd773b8b62d9e74d1d08fcfd02568d75d72

(this sample)

VENON

Executable exe 00dbe21b176bef396455459d7e8da3365397a47c9c54b4422a30f8dae7cb578b

  
Link
https://zenox.ai/en/venon-the-first-brazilian-banker-rat-in-rust/
  
Link
https://public.vydar.net/ZenoX%20-%20VENON-%20O%20Primeiro%20Banker%20RAT%20Brasileiro%20em%20Rust%20-%20Versa%CC%83o%20Aberta%20-%20EN.pdf
Cape
Cape
https://www.capesandbox.com/analysis/57702/
  
Dropping
SHA256 00dbe21b176bef396455459d7e8da3365397a47c9c54b4422a30f8dae7cb578b
  
Dropping
MD5 c184e7d830635daf624e5c1f5ff0dca0

Comments