Task index (per-environment scores; sample names are truncated as in the source)

Score  Sample                 Environment
10     163.5.169....r2.hta    windows7-x64
3      163.5.169....r2.hta    windows10-2004-x64
8      163.5.169....r2.pdf    windows7-x64
1      163.5.169....r2.pdf    windows10-2004-x64
1      163.5.169....r3.hta    windows7-x64
3      163.5.169....r3.hta    windows10-2004-x64
10     163.5.169....r3.pdf    windows7-x64
1      163.5.169....r3.pdf    windows10-2004-x64
1      163.5.169....r4.hta    windows7-x64
3      163.5.169....r4.hta    windows10-2004-x64
7      163.5.169....r4.pdf    windows7-x64
1      163.5.169....r4.pdf    windows10-2004-x64
1      163.5.169....r5.hta    windows7-x64
3      163.5.169....r5.hta    windows10-2004-x64
10     163.5.169....r5.pdf    windows7-x64
1      163.5.169....r5.pdf    windows10-2004-x64
1      163.5.169....r2.hta    windows7-x64
3      163.5.169....r2.hta    windows10-2004-x64
7      163.5.169....er.hta    windows7-x64
3      163.5.169....er.hta    windows10-2004-x64
8      163.5.169....r2.hta    windows7-x64
3      163.5.169....r2.hta    windows10-2004-x64
1      163.5.169....ry.gif    windows7-x64
1      163.5.169....ry.gif    windows10-2004-x64
1      163.5.169....nk.gif    windows7-x64
1      163.5.169....nk.gif    windows10-2004-x64
1      163.5.169.28/cmd.exe   windows7-x64
       163.5.169.28/cmd.exe   windows10-2004-x64
1      163.5.169.28/cmt.exe   windows7-x64
1      163.5.169.28/cmt.exe   windows10-2004-x64
1      163.5.169.28/fd1.exe   windows7-x64
10     163.5.169.28/fd1.exe   windows10-2004-x64
General
- Score: 10/10
- Target: 163.5.169.28.zip
- Size: 3.4MB
- Sample: 240110-1ba63sgfdp
- MD5: 791696c6bca812e4b443238fe3f9d336
- SHA1: 51e1eee80ddc458e38d8a8bace02f27ba49206bd
- SHA256: 3f04d3267f818beec7a5f29a7780282bdf862a71669230b796b77700a494b55d
- SHA512: 59ae4f46f85377333da911da93ed22ac28e5ec6b61bbf5b57ad2238290494fbf38b7c16ab994bd1cb69d0d3a48c0cc045dad40b377fc947b8d504bc95326ddfc
- SSDEEP: 98304:zZo6YOMbyKDMs7Lv0Wu0usBtdfx7HofyhQIM37ME:VobFeKDBvvL9Jy379
Behavioral tasks

Task          Sample                              Resource
behavioral1   163.5.169.28/SCAN-atoletter2.hta    win7-20231215-en
behavioral2   163.5.169.28/SCAN-atoletter2.hta    win10v2004-20231215-en
behavioral3   163.5.169.28/SCAN-atoletter2.pdf    win7-20231215-en
behavioral4   163.5.169.28/SCAN-atoletter2.pdf    win10v2004-20231222-en
behavioral5   163.5.169.28/SCAN-atoletter3.hta    win7-20231215-en
behavioral6   163.5.169.28/SCAN-atoletter3.hta    win10v2004-20231215-en
behavioral7   163.5.169.28/SCAN-atoletter3.pdf    win7-20231215-en
behavioral8   163.5.169.28/SCAN-atoletter3.pdf    win10v2004-20231222-en
behavioral9   163.5.169.28/SCAN-atoletter4.hta    win7-20231129-en
behavioral10  163.5.169.28/SCAN-atoletter4.hta    win10v2004-20231215-en
behavioral11  163.5.169.28/SCAN-atoletter4.pdf    win7-20231129-en
behavioral12  163.5.169.28/SCAN-atoletter4.pdf    win10v2004-20231215-en
behavioral13  163.5.169.28/SCAN-atoletter5.hta    win7-20231215-en
behavioral14  163.5.169.28/SCAN-atoletter5.hta    win10v2004-20231215-en
behavioral15  163.5.169.28/SCAN-atoletter5.pdf    win7-20231215-en
behavioral16  163.5.169.28/SCAN-atoletter5.pdf    win10v2004-20231215-en
behavioral17  163.5.169.28/ato_letter2.hta        win7-20231215-en
behavioral18  163.5.169.28/ato_letter2.hta        win10v2004-20231222-en
behavioral19  163.5.169.28/atoletter.hta          win7-20231129-en
behavioral20  163.5.169.28/atoletter.hta          win10v2004-20231222-en
behavioral21  163.5.169.28/atoletter2.hta         win7-20231215-en
behavioral22  163.5.169.28/atoletter2.hta         win10v2004-20231215-en
behavioral23  163.5.169.28/binary.gif             win7-20231129-en
behavioral24  163.5.169.28/binary.gif             win10v2004-20231215-en
behavioral25  163.5.169.28/blank.gif              win7-20231215-en
behavioral26  163.5.169.28/blank.gif              win10v2004-20231215-en
behavioral27  163.5.169.28/cmd.exe                win7-20231215-en
behavioral28  163.5.169.28/cmd.exe                win10v2004-20231215-en
behavioral29  163.5.169.28/cmt.exe                win7-20231215-en
behavioral30  163.5.169.28/cmt.exe                win10v2004-20231215-en
behavioral31  163.5.169.28/fd1.exe                win7-20231129-en
behavioral32  163.5.169.28/fd1.exe                win10v2004-20231222-en
Malware Config

Extracted family: xworm
- Version: 5.0

Extracted family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.2
- Default
- 5.182.87.154:4449
- jiqsvporltpvroy
- delay: 1
- install: false
- install_folder: %AppData%
Targets

Target: 163.5.169.28/SCAN-atoletter2.hta
- Size: 1.1MB
- MD5: 0e02311efc79d0580a3ae453f00cce83
- SHA1: 77721025336c37d0df3349badaa71e6610c6d429
- SHA256: 01e20536cc9847e7411bbb0e4d7381774f0e5e4cc86bfd6fdf0e12229d1d2786
- SHA512: 312589562ec740619629402876f4c077b56e0f3985686a6747c8c1d277f1bb56b41c21ef4fa1054178105a584692d3f6fc09af76e5edf4c6773826836c4b7bae
- SSDEEP: 1536:y4pLmOmQ7Mf99jXfqe+Wjyosy3vmr/l1vcmafSIm+lIWFR3QXdpkJJ0sVaVMHfFP:y4pLZmQ7CJXReoz3zH
- Score: 8/10
- Signatures:
  - Blocklisted process makes network request
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: 163.5.169.28/SCAN-atoletter2.pdf
- Size: 168KB
- MD5: 94667972ade0e377d8edd7f16730a0db
- SHA1: 7e097e209bfcef8f11ff319fc5d2953fa436875b
- SHA256: 3d29d9e8dd685c045d594a530a29c873b9d6c1957e9616675a0087746d592fa9
- SHA512: 83fbf17fcf72f023f71a68583acdfcd65eeb8702c09f90d10af6e284eb400ce49802a3d26492e6cddc2406aadfdc1f6d14f01c7fc6498b6d2b836f60c81d3d67
- SSDEEP: 3072:9pAXRLFm5rv1Wqu9r1RRbgz/hdcJ0XWLtSvi6dzRov5dMWv4yqF:+RLF8Bux5grI9c6DTMPyi
- Score: 1/10
Target: 163.5.169.28/SCAN-atoletter3.hta
- Size: 1.1MB
- MD5: 65a82ba108814502f8de8f9c918c1637
- SHA1: 81bb281aff6d485787f79558b2433a529af5d53b
- SHA256: dceca8e7f6baca5bd3417c0e05a1e9e934a0c72fe36c79fd3aca451ea2168d76
- SHA512: 477a94c061e96c5b8cdc256e746eb9dbd57339c93bcbd90bb66e2b6d21a7ff9e35b3b0ac7eac7a4c2b308306b06178060c38bce1470f5d94af32d07a97ce2621
- SSDEEP: 1536:MUQr+podgEt/pvBYwPBONWBImr/l1vcmafSIm+lIWFWY7Cy5h7OIxeZeDG52VP+q:ArooW8vhXBHuV
- Signatures:
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: 163.5.169.28/SCAN-atoletter3.pdf
- Size: 169KB
- MD5: bcb62044282191bb5294c1435de71a18
- SHA1: 69eaa574d9b0118424c7b204724351811aa0c015
- SHA256: 354993c4965d7445b37c6b256f4c1c5c2086c0b1ec5736b9f179bcd6387a194f
- SHA512: d2737e5418b4bf0ec7ad736cb4707516e702667f57da1ead88cd0f012f188b087fca8520bb1fb9881356bc920027b177349905a2150784bbf79d039eb3c0e6ad
- SSDEEP: 3072:AvVr51Wqu9r1RRVgz/hdcJ0XWLtSsi6dzRov5dMWP4y0LUy:8BuxHgrI9cLDTMPyo3
- Score: 1/10
Target: 163.5.169.28/SCAN-atoletter4.hta
- Size: 1.1MB
- MD5: 4bde59d84e71c0ff88901e353dbe3eec
- SHA1: 3000483b2add41716148b8e11fa283f6db6a9cf1
- SHA256: 992820187d1f871cb816dfb5839c0a71dfde38626d6947b4d912d04cf585454d
- SHA512: 38a11e2bbba9b26f5651d09f072109cb1b77717c53322a47147e1560016d409c528639be48f2044f038a6b24bad5cf0df200a83ca80c5a27d49fe5b91ecbb0b4
- SSDEEP: 1536:sSdyqS4pxRNGWLPcX/WhEdbVhtmr/l1vcmafSIm+lIWFXvD+v/j53mD0QMYPhgg9:ldHzpxdPcPWhqxki
- Score: 7/10
- Signatures:
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: 163.5.169.28/SCAN-atoletter4.pdf
- Size: 170KB
- MD5: 6959cdb24cc37e1a25fcf1b9aed58fcc
- SHA1: 0659f4eb013280e21a057fa1c3843d4c0043ff90
- SHA256: 753a2e33fc19c1436650f392c23429728a97f4c941bd5493bc227ab04f6f231d
- SHA512: b56f3c8584d30edcad363d1dc283c8b9edc0d13b4eb68755940f5400a6ea050a27677a1b744a0af1e7bf9ea8ff3af75a9991c20c153dbae0e64eafb3a863886d
- SSDEEP: 3072:ccAr61Wqu9r1RRrgz/hdcJ0XWLtSCi6dzRov5dMWm4yyLUQ:TBuxBgrI9cJDTMEyK9
- Score: 1/10
Target: 163.5.169.28/SCAN-atoletter5.hta
- Size: 1.1MB
- MD5: 415d6911c9a6e92b5d3f050668592357
- SHA1: 3f5ddfb1475a25201e443c61e31382100e8ddbae
- SHA256: 87b6bcaa19c9631310bb28100e1ed2c9f2b982fa5aaef48186da150d8d1c4ac3
- SHA512: 6b322e26c4724efa648713c665d6eddc4f2191d9f3a7764076ae8fc8d5f13fd2301238e7aade65b49db71b0ecadd9333af42cfa7e98ae54b554a99eafc45a055
- SSDEEP: 1536:zA8mj3XPCeaTTQT7L/1rTrZwsvCPA68WStimr/l1vcmafSIm+lIWFiWCK4vLwwlY:zA8mrfFITQTH/1rTrZ/CPArtQ
- Signatures:
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: 163.5.169.28/SCAN-atoletter5.pdf
- Size: 169KB
- MD5: c5de2a211a2580c04d1b5349651d3e4a
- SHA1: 81a25e710c7dc63b10220dbdf39dc48ff11da5f3
- SHA256: 57b4117e2cf9ab76ed554c2bbf192b9868b94202ad5aaff05a593cf3d4630f85
- SHA512: ad3fead8c0e7820e008bdd9f90b443a20eab0dde9d51a1035e8b40f070d7e381e641a8ae00911bc8c0a4a8e341a9a73e3ee133b78abddbbb442f00ce28efd51d
- SSDEEP: 3072:NPAr51Wqu9r1RRVgz/hdcJ0XWLtSsi6dzRov5dMWP4y0LUD:UBuxHgrI9cLDTMPyoC
- Score: 1/10
Target: 163.5.169.28/ato_letter2.hta
- Size: 1.1MB
- MD5: 54ff1471d93aa84c94efd8cbae4c6c78
- SHA1: 11c7d8cd8e02b27aee846c353c32b114a7daa3bf
- SHA256: e1869d3a88c9190cf43014e3cb48562fc220ff7f6d5baed77c7dfa1c84c5d530
- SHA512: 5eed6c7f0ffc27e96349fa8fc7c959e87ff35561da2b811f2e59c0fa0bd42f53debd4079da4c1df133b8211c38ef48f03b3f8b5471370bcf6ed79d240fdde804
- SSDEEP: 1536:SwxapK31kELNEZ1fos0mr/l1vcmafSIm+lIWFR9UU5gou0gQixFaVEYkEOvMXu+f:SOapK31RBEDws7g
- Score: 7/10
- Signatures:
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: 163.5.169.28/atoletter.hta
- Size: 1.1MB
- MD5: 47b67f1ef2ff1967fd6eee7f2eee2a79
- SHA1: e53cecf356df43405a19daf75ff5dcfd8b44f2ce
- SHA256: 6c4beabd874f9b38209eb0cc585fc19407edc997ffb0bf0897c34bf4552f5194
- SHA512: d9586f412e0a9cecc5909cde9391def8c338ca086ba506366076816f6a4ce8309176e884a133bc11bec731bf1d9bf3b027e42ef6a49b545b000ffee60c6d42b9
- SSDEEP: 1536:jxr5/6p/OpbQEcQIKdquZcod/zA4l2ZFmr/l1vcmafSIm+lIWFeQnoxLPCQwkcUC:jxV6JsMEcQIQZcod/c4K
- Score: 8/10
- Signatures:
  - Blocklisted process makes network request
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Target: 163.5.169.28/atoletter2.hta
- Size: 1.1MB
- MD5: 3aa22e06354205638a0560dfd95ba73d
- SHA1: bd77bf64a070a8f233197e2db3cdef0879cc446d
- SHA256: 8867f18c416e402fa6c470e2fa207e2ff1809b69a450356bd8a8c854edea4dd5
- SHA512: ce75e12481f9840666fc783bed155779d75845e0b81f5679dd5ea801ad359527b389b611ca11eda321fb28d77dc10089ebf073c41aa00e51b921ea0cc1c28b8b
- SSDEEP: 1536:qb0rlgqoroRgFUnAFzUbVlt9Ci5namr/l1vcmafSIm+lIWFjBoOuqpd2eWSFU4ww:qb0rlmrkgFUnAFgbVLFnG
- Score: 3/10
Target: 163.5.169.28/binary.gif
- Size: 246B
- MD5: 96bd4beed88ff93356586485c13e5d89
- SHA1: 399c2bc3d5ec4fdb4c7a597afdf19eeb64cbdf2d
- SHA256: 8a31e7855292e0a8c66c67ff92ea660743006d47de9f012193cbd123a17ba79d
- SHA512: 069a292c7e5d2e8d76964e901f4922ae8948151c235436cf8abc67e84011f983cd052142381b8d3c7a417f42b06797a6a226da48155d5905e7d92c9847b346cd
- Score: 1/10
Target: 163.5.169.28/blank.gif
- Size: 148B
- MD5: 19517fb39a31be6b8d7ccf53ad84908f
- SHA1: ebbcfdc6acc99f7aac3bf7fe72bc55f07f03f7e9
- SHA256: 3cb0e54babf019703fe671a32fcc3947aab9079ec2871cf0f9639245cc12d878
- SHA512: be752ff4c7aa3ab46fdbd93555a17e422e7c8b8661f40f899f51ec9393b510dcb2e66436a4f2c78a42af77dd95e01a3438c88cfaa3e0b02694c1912d5294ee16
- Score: 1/10
Target: 163.5.169.28/cmd.exe
- Size: 283KB
- MD5: 8a2122e8162dbef04694b9c3e0b6cdee
- SHA1: f1efb0fddc156e4c61c5f78a54700e4e7984d55d
- SHA256: b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
- SHA512: 99e784141193275d4364ba1b8762b07cc150ca3cb7e9aa1d4386ba1fa87e073d0500e61572f8d1b071f2faa2a51bb123e12d9d07054b59a1a2fd768ad9f24397
- SSDEEP: 6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT
- Score: 1/10
Target: 163.5.169.28/cmt.exe
- Size: 8KB
- MD5: dc0d40579447b035d980cf0b8cd7667c
- SHA1: c907f983cb27d5caec6c941e0712afcc973487d0
- SHA256: 36ed94fb9f8ef3f5cbf8494ff6400d0be353ae7c223ed209bd85d466d1ba1ff7
- SHA512: ed37522b52b617877b5e5f7023a0138baf396c0b33393d6155dbb6bfa4b3347b737e5493cbde634fa1937d0094a7b9b543929e6f32b35331a8c6dc838f38d51b
- SSDEEP: 96:5g48vbNEbfZlmg9fVFBHDqPkNR0bejUoKKeyDvYKx4YG4qyZQFq+zNt:5ghJufi6tXy20Kj2KeyDQKqYXqMQMY
- Score: 1/10
Target: 163.5.169.28/fd1.exe
- Size: 649KB
- MD5: b9a42052c81229de87b90370c7e8ef56
- SHA1: 8253ef8fe65f68ea7e0cc11bcdc06ec91c8d3290
- SHA256: 2799308c4b285f662d2954b3d9900951d74ae0cdde04b80ff865221817103f3b
- SHA512: 0e6a1b3d66c2401f8b8d5f8b2cae7d4912fa73565faf4c21686caa63a0d81eda952d6070edb57e7577c15c896caff3e52a6671713cfaa13ed21bab7accb86755
- SSDEEP: 12288:tOSF/ZdMP5WlYj6Fs/HI6C96D7cyTZ33a33S333333dkS9Jy9:tLrMPkDFB6+2NkeO
- Score: 10/10
- Signatures:
  - Adds Run key to start application
  - Suspicious use of SetThreadContext