Masquerading as urgent purchase orders or invoices that contain a malicious link or attachment.
Disables Windows Defender, modifies registry settings to launch on startup, and uses anti-analysis techniques to detect if it is running in a virtual machine or sandbox. VenomRat 2.0.rar
New startup entries in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run . Masquerading as urgent purchase orders or invoices that
Unknown background processes like Client.exe or unusual PowerShell activity. VenomRat 2.0.rar