Update 2024-04-22-VenomRAT.md
AntonyN0P authored Aug 25, 2024
1 parent 4ea8d0c commit ce2fd1b
Showing 1 changed file with 7 additions and 8 deletions.
15 changes: 7 additions & 8 deletions _posts/2024-04-22-VenomRAT.md
Expand Up @@ -3,15 +3,14 @@ title: "Phishing with Venom RAT analysis"
date: 2024-04-22 07:43:45 +0600
header:
teaser: "/assets/images/venom_rat/Venom_Teaser.jpg"
categories:
- tutorial
tags:
- red team
- windows
- Phishing
- DFIR
- malware
- RE
---

##Intro.
## Intro.

In early April, organizations in the Russian Federation (and not only) received letters from an unknown sender. In the contents of the letter, besides wishing a good day and asking to reply “soon”, there was a RAR archive, and inside the archive was a *.bat file
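Review bot: The tag list in this hunk mixes cases ("Phishing" alongside "red team", "windows", "malware"); Jekyll keys `site.tags` by the literal string, so a capitalised "Phishing" is a separate tag from any lowercase "phishing" used on other posts. Suggest lowercasing it to match the rest. The `##Intro.` to `## Intro.` change itself is correct: kramdown and CommonMark require the space after the hashes for the line to render as a heading rather than literal text.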

Expand All @@ -25,7 +24,7 @@ However, there were some components of the bat file: obfuscated PowerShell strin

This was enough to start analyzing the content, find IoC's, and see if there were any in the traffic from the organization.

##Analyzing the attachment.
## Analyzing the attachment.

As we have already mentioned, the archive contained a bat file.
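Review bot: The heading fix is right but keeps the trailing period on `## Analyzing the attachment.`, while the `## Deobfuscation` heading later in this same commit has none; settle on one convention for all four headings since they are all being touched here. Minor: "find IoC's" in the context line should be "find IoCs" (plural, not possessive).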

Expand All @@ -35,7 +34,7 @@ There are obfuscated functions and encrypted payloads inside, but let's talk abo

![Bat_File_Part2](/assets/images/venom_rat/4.png){:class="img-responsive"}

##Deobfuscation
## Deobfuscation

The first part of the bat script declares the necessary variables in obfuscated form
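Review bot: `## Deobfuscation` is the only heading in this commit without a trailing period, whereas `## Intro.`, `## Analyzing the attachment.` and `## Conclusion.` keep one; normalise them in the same change rather than leaving the inconsistency. The last context line of the hunk ("declares the necessary variables in obfuscated form") is also missing its terminating period.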

Expand Down Expand Up @@ -276,7 +275,7 @@ One of the interesting features of the trojan is downloading the Tor browser to
I did not extract and write a decoder for 5 resources. I limited myself to the indicators of compromise that I managed to find during the analysis.


##Conclusion.
## Conclusion.

I managed to study such interesting samples in the beginning of April. A more in-depth analysis (module analysis) of such a malware was performed by the Fortinet team. After the analysis, we can conclude that attackers more often use fileless attacks, various obfuscation techniques, anti-Dbg/anti-Sandbox techniques to successfully conduct an attack, bypass defenses and gain a foothold in the system. I hope this material will be useful and will help in the future when studying similar workloads.
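Review bot: The conclusion credits "the Fortinet team" with a more in-depth module analysis but gives no link or title, so the claim is unverifiable for the reader; add a reference. Two smaller points in the same paragraph: `anti-Dbg/anti-Sandbox` mixes an abbreviation with a capitalised word (consider `anti-debug/anti-sandbox`), and "similar workloads" reads as if "samples" or "payloads" was intended.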
