General
-
Target
QUOPDFH08HSCAV_001_PDF.exe
-
Size
2.1MB
-
Sample
220927-ygp63sfdgn
-
MD5
269d77ceef4f796d137736c2dc1aaa1c
-
SHA1
f31bcd87587432293f3947301da1b719b2a85993
-
SHA256
7b8903ecd317229c5143148041cb99ac5ffa9423465d188174f0a08059be03e8
-
SHA512
1dc7b9429fb7ce5c80991728ddd073f3b6c90bb5c6ef550766c727b896d1f785d258603897f3cb295e8a627a51c8d6305abcc5baa88e31e46549c0b9c10520c0
-
SSDEEP
3072:UV3mYPmt+qHIhx9jkS/F0M7zO6Ycw0TmBOUEs64BRg40nuFblnTAyO:gVPRzOvcwLBUeBRgulW/
Static task
static1
Behavioral task
behavioral1
Sample
QUOPDFH08HSCAV_001_PDF.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
QUOPDFH08HSCAV_001_PDF.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
Venom RAT 5.0.5
Venom Clients
saralynnp8.duckdns.org:8302
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
QUOPDFH08HSCAV_001_PDF.exe
-
Size
2.1MB
-
MD5
269d77ceef4f796d137736c2dc1aaa1c
-
SHA1
f31bcd87587432293f3947301da1b719b2a85993
-
SHA256
7b8903ecd317229c5143148041cb99ac5ffa9423465d188174f0a08059be03e8
-
SHA512
1dc7b9429fb7ce5c80991728ddd073f3b6c90bb5c6ef550766c727b896d1f785d258603897f3cb295e8a627a51c8d6305abcc5baa88e31e46549c0b9c10520c0
-
SSDEEP
3072:UV3mYPmt+qHIhx9jkS/F0M7zO6Ycw0TmBOUEs64BRg40nuFblnTAyO:gVPRzOvcwLBUeBRgulW/
Score10/10-
Async RAT payload
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-