VenomRAT Ransomware

VenomRAT Malware analysis – Remote access Trojan

VenomRAT – Malware analysis

VenomRAT malware – The Swascan Cyber Research Team has tracked and analysed a RAT called VenomRAT.

The malware in question is sold as Venom Software or VenomRAT, a remote access Trojan (RAT) currently on sale on various dark web forums but also available on websites reachable via a simple Google search. The sale price ranges between $75 and $550.

VenomRAT can attack Windows XP, 7, 8, 8.1 and 10 operating systems.

Like all RATs, VenomRAT grants a criminal hacker direct access to the infected system. VenomRAT offers the following functionality:

  • Exfiltration:
    • files in .doc, .docx, .txt and .log format
    • cryptocurrency wallets
    • browser data: form autofill entries, browser cookies, credit card details, account credentials and passwords, and FileZilla FTP (File Transfer Protocol) data
  • Keylogging: records the victim's keystrokes
  • Obfuscation: hides itself in the Windows Task Manager
  • Video recording: it can record videos via the webcam of the infected device
  • Execute and install: allows the installation and execution of further software

This last feature effectively exposes the victim, and the network on which the infected device sits, to possible waves of follow-on attacks that could encrypt the entire corporate network.


VenomRAT Threat Summary

Family: Trojan, password-stealing virus, banking malware, spyware.

Detection names:
  • ALYac: Backdoor.MSIL.Quasar.gen
  • Avira (no cloud): HEUR/AGEN.1123483, TR/Kryptik.ffalg
  • BitDefender: Gen:Heur.MSIL.Krypt.6, Trojan.GenericKD.44118579
  • DrWeb: BackDoor.QuasarNET.1
  • ESET-NOD32: A variant of MSIL/Agent.AIA, MSIL/Kryptik.YGJ
  • Kaspersky: HEUR:Trojan-Spy.MSIL.HiveMon.gen, HEUR:Trojan-Spy.MSIL.Quasar.gen
  • Malwarebytes: Backdoor.Venom, Trojan.MalPack.MSIL
  • Rising: Exploit.Uacbypass!1.C6DD (CLASSIC)
  • Symantec: Trojan.Gen.MBT
  • Tencent: Msil.Trojan-spy.Hivemon.Dvfu, Trojan.Gen.2, Msil.Trojan-spy.Quasar.Swkq
  • TrendMicro: TROJ_GEN.R054C0GJO20, TrojanSpy.MSIL.QUASAR.ERSUSK620

Process name: Unnamed process. Identifiable if an unnamed task is present in the Windows Task Manager.

Symptoms: No obvious symptoms.

Distribution: Social engineering, RDP, ...
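The "unnamed task" hint in the summary above can be checked from the command line rather than by eye. The following PowerShell helper is an added example, not code from the article or from Swascan; Find-UnnamedProcess is a hypothetical name, and it lists running processes whose executable carries an empty file description, which is what Task Manager would otherwise show as a blank entry. A hit is a triage lead to investigate, not proof of VenomRAT.

```powershell
function Find-UnnamedProcess {
    # Hypothetical helper (added example): returns processes whose executable has
    # no FileDescription in its version resource, i.e. the ones that would show up
    # "unnamed" in Task Manager. Processes whose image path cannot be read (protected
    # or system processes when not elevated) are skipped to keep the output useful.
    Get-Process | ForEach-Object {
        $proc = $_
        if (-not $proc.Path) { return }
        $desc = $null
        try {
            $desc = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($proc.Path).FileDescription
        } catch {
            # Version info unreadable: treat as blank so the process is still surfaced.
        }
        if ([string]::IsNullOrWhiteSpace($desc)) {
            [pscustomobject]@{
                Id          = $proc.Id
                ProcessName = $proc.ProcessName
                Path        = $proc.Path
                Company     = $proc.Company
            }
        }
    }
}

# Run from an elevated prompt for best coverage and review each hit manually.
Find-UnnamedProcess | Sort-Object Path | Format-Table -AutoSize
```

Legitimate software with sloppy version resources will also appear in the list, so compare the Path and Company columns against known installers before escalating.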


VenomRAT: Attack Vectors

As indicated above, the attack vectors used by VenomRAT are:

  • Social Engineering
  • Exposed RDP

Social Engineering

The social engineering techniques used to deliver VenomRAT are phishing and smishing, together with credential stuffing and account takeover through compromised credentials.

In order to protect yourself effectively we recommend:

Threat Intelligence: allows you to identify the presence of public and semi-public information related to your company: Domain Threat Intelligence and Cyber Threat Intelligence.

Human Risk: guarantees the training and awareness activities of employees through the services of Phishing Attack Simulation, Smishing Attack Simulation and Training.

Risk Analysis of the External Perimeter: allows the identification of any criticalities and vulnerabilities at the level of web applications, exposed IPs, and active ports and services. The reference services are Network Scan, Vulnerability Assessment and Penetration Testing.


VenomRAT: IoC

VenomRAT sample analysed:

VirusTotal: https://www.virustotal.com/gui/file/60444b4af2e533743cdba84e40b07a7829dd00cc7313e7ca98f544e672f79caf/detection

Intezer Analyze: https://analyze.intezer.com/files/60444b4af2e533743cdba84e40b07a7829dd00cc7313e7ca98f544e672f79caf

About Pierguido Iezzi

For years I have been working in CyberSecurity and Digital Innovation. I have founded and follow several start-ups. My passion for information security led me to launch Swascan, of which I am Co-Founder together with Raoul Chiesa. Swascan is the first CyberSecurity platform in cloud, SaaS and Pay for Use.
My motto is "Each of us is the answers to the questions we ask ourselves".
