Inside a VenomRAT Malware Campaign

May 29, 2025, 7:13 a.m.

Description

A malicious campaign utilizing VenomRAT, a Remote Access Trojan, is analyzed. The attackers use a fake Bitdefender download website to spread malware, including VenomRAT, StormKitty, and SilentTrinity. These tools work together to provide initial access, steal credentials, and maintain long-term hidden access. The campaign's infrastructure includes multiple command and control servers and phishing sites impersonating banks and IT services. The analysis reveals the attackers' focus on harvesting financial credentials and crypto wallets while establishing persistent access for potential exploitation or sale. This campaign highlights the growing trend of sophisticated, modular malware built from open-source components, posing a significant threat to everyday internet users.

Date

  • Created: May 29, 2025, 12:54 a.m.
  • Published: May 29, 2025, 12:54 a.m.
  • Modified: May 29, 2025, 7:13 a.m.

Indicators


Attack Patterns

Additional Information

  • Finance