General
Target: 11012024_1641_Inv#0UKSA.zip
Size: 12KB
Sample: 240111-klfasadea4
MD5: 46db45dc04368584f76850bf1b1adf3a
SHA1: e1259e94773017fe4fad6d09a90883aa00a511f9
SHA256: bc66115538fa11a42692f96f4c80b68cb82fc7c1f4903892965fd6430ed7ae4d
SHA512: 230e3677e59a9e3fe5fd71ca3a56f3af8eff960e99c09c2b8544a3b5f7f3a49a687fcdcc6a4d1a51337eb6fed8e71fdbb2cce210046089a430cfbcf87c7b3464
SSDEEP: 192:cfw1X7B55Y7DT1vYAnMszj+5qZ4dGGWf2Ufc2XD9J00Ze+JuZCBGEyCoHyD:FXlanKAMO+5q2dGDf9N9OeJylE
Static task: static1
Behavioral task: behavioral1
  Sample: Inv#0UKSA.vbs
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: Inv#0UKSA.vbs
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: asyncrat
Version: 5.0.5
Botnet: Venom Clients
C2: jossmaybs.duckdns.org:8890
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
Attributes:
- delay: 1
- install: false
- install_folder: %AppData%
Targets
Target: Inv#0UKSA.vbs
Size: 28KB
MD5: 2303f521d758fac012e514be08566f56
SHA1: f6a8c4556aadef5cb658f48c3e1d41ca33afb354
SHA256: a0cda8f97dc4931e609d65959e559f980bc1fdefaed7e89b81971a9e7354f782
SHA512: d4141ec8727faa3786e42c2d7d90a16926cbad915736a82291164cbb00e3d3ea1773da448c016a8e957a855dcc479124132a79b4d430a1af674a655d1ea622e9
SSDEEP: 384:CKov6nfBRWJvv2ADlTI3669/K+dFPTFj2Dq7pfjEX6Q8AtUnkQq/f0cV:CzvMsJXvlT29yIFKDqtjEK7o7PV
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext