General
Target: VRFAVS02JADFSYP04_pdf.zip
Size: 252B
Sample: 220921-d953saaeak
MD5: 6e0cb15e498497bb307d83dfb899ccad
SHA1: 75b0209f8688dbfc53cd0f242d73d55eec2d6f86
SHA256: 970e824d2d6de840b0408008353e8190b3c9ea65611593f34dbda8810c767f7e
SHA512: c8c9431d786f679a95ffb1a689afda42249f4a2810bc8d482e8b5e921b5ce38969951fb51092bb95d37a06718c1611761bffc9ce8a9470d8ee1201228e7b3be9
Static task
static1

Behavioral task
behavioral1
Sample: VRFAVS02JADFSYP04_pdf.zip
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: VRFAVS02JADFSYP04_pdf.zip
Resource: win10v2004-20220901-en

Behavioral task
behavioral3
Sample: VRFAVS02JADFSYP04_pdf.html
Resource: win7-20220812-en

Behavioral task
behavioral4
Sample: VRFAVS02JADFSYP04_pdf.html
Resource: win10v2004-20220812-en
Malware Config
Extracted
asyncrat
Venom RAT 5.0.5
Venom Clients: stoo02093.duckdns.org:5029
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets

Target: VRFAVS02JADFSYP04_pdf.zip
Size: 252B
MD5: 6e0cb15e498497bb307d83dfb899ccad
SHA1: 75b0209f8688dbfc53cd0f242d73d55eec2d6f86
SHA256: 970e824d2d6de840b0408008353e8190b3c9ea65611593f34dbda8810c767f7e
SHA512: c8c9431d786f679a95ffb1a689afda42249f4a2810bc8d482e8b5e921b5ce38969951fb51092bb95d37a06718c1611761bffc9ce8a9470d8ee1201228e7b3be9
Score: 1/10

Target: VRFAVS02JADFSYP04_pdf.HTML
Size: 102B
MD5: 372fbd869903bf41bc892d715783ae8b
SHA1: 56ec1889b796449d13b4d2040cec051ce07f90a3
SHA256: 6916533072653305d17d18d8196f7dceadd8952e200319054ece51d4e394bdc3
SHA512: 8955d789e9b130fdf987a02f48f581a4ec4068abf02fa3d26913eb61c4b45906a12607773d3c43bc63064cf1166177c466b2ec7939d235ac6aacd54f4a0d8198
Score: 10/10
- Async RAT payload
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext