What Is the Venom RAT? A Detailed Explanation of This Remote Access Tool

VenomRAT is a remote access tool discovered in 2020; threat actors use it to control infected systems remotely.
Published on: November 19, 2021
Updated on: April 19, 2023

Executive Summary

  • CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a cybercrime forum, advertising VenomRAT.
  • VenomRAT is a remote access tool discovered in 2020; threat actors use it to control infected systems remotely.
Category: Adversary Intelligence
Affected Industries: Multiple
Affected Region: Global
Source*: C2
TLP#: Green

* https://en.wikipedia.org/wiki/Intelligence_source_and_information_reliability
# https://en.wikipedia.org/wiki/Traffic_Light_Protocol
[Figure: VenomRAT - Threat actor’s post on the cybercrime forum]

Analysis and Attribution

Information from the Post

The threat actor has listed two versions of the RAT; the second version adds HVNC (Hidden Virtual Network Computing).
  1. Features of the RAT include:
  • Connect to the system remotely
  • Get the system information
  • Remote Shell
  • TCP Connection
  • Reverse Proxy
  • Registry Editor
  • UAC (User Account Control) Exploit
  • Disable WD (Windows Defender)
  • Format All Drivers
  • Change client name
  • Enable install
  • Anti kill
  • Hide file
  • Hide folder
  • Persist on the system (startup persistence)
  • Change registry name
  • Encrypted connection
  • Enable keylogger Offline/Online
  2. VenomRAT with HVNC:
  • Includes all the features of the Venom RAT
  • HVNC Clone Profile
  • Hidden Desktop
  • Hidden Browsers
  • Support WebGL
  • Hidden Chrome, Firefox, Edge, Brave
  • Hidden Explorer
  • Hidden PowerShell
  • Hidden Startup
  • Reverse Connection
  • Remote Download + Execute
This RAT was discovered in 2020. Based on open-source research, it is built on top of QuasarRAT, an open-source, legitimate remote administration tool.

Source Rating

  • The threat actor joined the forum in October 2021 and has a deposit of 0.010092 BTC on the forum.
  • The threat actor’s main activity is advertising VenomRAT.
Hence,
  • The reliability of the actor can be rated Fairly reliable (C).
  • The credibility of the advertisement can be rated Probably true (2).
  • This gives an overall source credibility of C2.

Impact & Mitigation

Impact
  • This type of malware gives attackers the ability to control the victim machine and wreak havoc on the system.

Mitigation
  • Avoid downloading suspicious documents from unknown sources.
  • Avoid clicking on suspicious links.
  • Enable the display of file extensions and keep a vigilant eye on them.
  • Update the system and all applications to the latest patches.
  • Enforce the use of MFA.
  • Use up-to-date antivirus and anomaly detection tools.
  • Use updated EDR solutions that help in monitoring the network.
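The following PowerShell audit is an added example, not part of the CloudSEK post or of any tooling it describes. It checks the defender-side controls that map to the mitigations above and to the RAT’s advertised "Disable WD" and startup-persistence capabilities: Explorer’s file-extension visibility (the HideFileExt registry value), Windows Defender real-time and tamper protection via Get-MpComputerStatus, and the Run keys and Startup folder that a baseline review of autoruns should cover. It is read-only unless -Fix is passed, and it assumes Windows Defender is the active antivirus.

```powershell
# Added example (not from the CloudSEK post): audit controls relevant to a RAT that disables
# Defender and persists at startup. Read-only unless -Fix is given. Assumes Defender is active.
[CmdletBinding()]
param([switch]$Fix)

$findings = @()

# 1. File-extension visibility: HideFileExt = 1 hides extensions, so "invoice.pdf.exe" shows as a PDF.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -ne 0) {
    $findings += 'File extensions are hidden in Explorer (HideFileExt is not 0).'
    if ($Fix) { Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0 -Type DWord }
}

# 2. Defender state: confirm real-time protection, tamper protection and fresh signatures.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $findings += 'Get-MpComputerStatus failed: Defender service unavailable or not the active AV.'
} else {
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is OFF.' }
    if ($mp.PSObject.Properties['IsTamperProtected'] -and -not $mp.IsTamperProtected) {
        $findings += 'Defender tamper protection is OFF (enable via Windows Security, Intune or GPO).'
    }
    if (((Get-Date) - $mp.AntivirusSignatureLastUpdated) -gt [TimeSpan]::FromDays(3)) {
        $findings += "Defender signatures last updated $($mp.AntivirusSignatureLastUpdated)."
    }
}

# 3. Startup persistence: list Run-key and Startup-folder entries for review against a known-good baseline.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = @(foreach ($k in $runKeys) {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($p) {
        $p.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { [pscustomobject]@{ Location = $k; Name = $_.Name; Command = $_.Value } }
    }
})
$autoruns += @(Get-ChildItem ([Environment]::GetFolderPath('Startup')) -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Location = 'Startup folder'; Name = $_.Name; Command = $_.FullName } })

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { Write-Host 'No hardening findings.' }
Write-Host "`nAutorun entries to review ($($autoruns.Count)):"
$autoruns | Format-Table -AutoSize
```

Run it as the logged-on user to audit that user’s HKCU settings; the HKLM Run key is readable without elevation, but changing machine-wide Defender or tamper-protection settings is outside this script and belongs in Intune or Group Policy.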
