General
Target: InvA0HBSA (1).zip.zip
Size: 12KB
Sample: 240115-nvzbssgah8
MD5: dc66f8cd632e8ffae171ede2716699f1
SHA1: 72d9dea2063eb7c1b9397220ea28e4e795b9ea97
SHA256: 4ac61785aefa51d0cc0c78e4c194bb8eac37a76f5d5a9dbbe5f7eb091a8a27bc
SHA512: 058521183d20d59f582d98040db0ca18cd2137f02805681e0ab499dc7b367b7a4899fbcbf9d50a4c86fc4305e23930cc1ca1c43ecbda5040530a04281e021209
SSDEEP: 384:zB6bFKI3GUcz15wLC1AIbJxl1pvHv6vY93:z8KIWFgkv1pvH33
Static task: static1
Behavioral task: behavioral1
  Sample: InvA0HBSA.vbs
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: InvA0HBSA.vbs
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: asyncrat
Version: 5.0.5
Botnet: Venom Clients
C2: jossmaybs.duckdns.org:8890
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: InvA0HBSA.vbs
Size: 27KB
MD5: d4a47e31198387dc5ff6b8da6b3c6b71
SHA1: 46d8d84f1049a194e669509aba1611085c3f78ee
SHA256: 8515dc5453bddbfe9669b774098e9b72954baf1347eb9fc90a755cf13ff17dee
SHA512: 33c3c10b6e7d3b662d51662fa0e1479b74b3321719fae946bd9108fc9d0cfd77917e496a0f19378844a5320372ceb88787871001a0b60fb1f2b6bc647337c5fb
SSDEEP: 384:HYp10ZIqRWP5wlf67cetFT/VvkJHMofujyLPZD1xngeQtjV:4ptqsPKF6QcT/tkJsWujyLPZgeaV
Score: 10/10
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext