Техническая информация
- <SYSTEM32>\tasks\venom client startup
- 'ip##pi.com':80
- '20.#2.128.5':4444
- 'pa###bin.com':443
- 'ra#.####ubusercontent.com':443
- '20.#2.128.5':4444
- 'pa###bin.com':443
- 'ra#.####ubusercontent.com':443
- DNS ASK ip##pi.com
- DNS ASK pa###bin.com
- DNS ASK ra#.####ubusercontent.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Compress-Archive -Path %TEMP%\Venom\DarkEye\Browsers -DestinationPath %TEMP%\Venom\DarkEye\DarkEye_Passwords.zip & exit (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /k start /b powershell Compress-Archive -Path %TEMP%\Venom\DarkEye\Browsers -DestinationPath %TEMP%\Venom\DarkEye\DarkEye_Passwords.zip & exit (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "Venom Client Startup" /sc ONLOGON /tr "C:\Users\neilish\Desktop\rat\Venom.exe" /rl HIGHEST /f
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Compress-Archive -Path %TEMP%\Venom\DarkEye\Browsers -DestinationPath %TEMP%\Venom\DarkEye\DarkEye_Passwords.zip & exit
- '%WINDIR%\syswow64\cmd.exe' /k start /b powershell Compress-Archive -Path %TEMP%\Venom\DarkEye\Browsers -DestinationPath %TEMP%\Venom\DarkEye\DarkEye_Passwords.zip & exit
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Compress-Archive -Path %TEMP%\Venom\DarkEye\Browsers -DestinationPath %TEMP%\Venom\DarkEye\DarkEye_Passwords.zip