General
Target: malicious.vhd
Size: 6.0MB
Sample: 240131-fwkk2adhbk
MD5: 7491027592069e5397c34f7640ac095c
SHA1: da667e060b38d380632a640e9fa4f81e9e0157f3
SHA256: 50b9fff16f73b30b772d443e019f88fd2402a0beaa5377ec2ee9f2a86c6c0fc0
SHA512: 771cb78f15ef9eb9eb9dcc7f6cd215f40e0331fa1749816e7e44105e7bb1bd033dcb3a37fa11da68ad084f46e118689ee462ad4d669c44f365bcb7d245a754eb
SSDEEP: 3072:8vDRvBT3Out63w5o6wLtIbemJcNPKR6xnFr4ceN3:8vDRZT9tlNSKShw

Static task: static1

Behavioral task: behavioral1
Sample: $RECYCLE.BIN/$I9E90EG.vbs
Resource: win10v2004-20231215-en

Behavioral task: behavioral2
Sample: $RECYCLE.BIN/$R9E90EG.vbs
Resource: win10v2004-20231222-en

Behavioral task: behavioral3
Sample: INV-ER001.vbs
Resource: win10v2004-20231215-en

Behavioral task: behavioral4
Sample: INV-ER002.vbs
Resource: win10v2004-20231215-en

Behavioral task: behavioral5
Sample: System Volume Information/WPSettings.dat
Resource: win10v2004-20231215-en

Malware Config

Extracted: xworm
moneyinthemaking33.duckdns.org:8895
vZvRiI9PDVfoRdoR
install_file: USB.exe

Extracted: asyncrat
5.0.5
Venom Clients
markvenm2.duckdns.org:8890
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%

Targets

Target: $RECYCLE.BIN/$I9E90EG.vbs
Size: 66B
MD5: 7e0d2e0cefae2fc74cd23a243519c830
SHA1: aa7264ae3f0a921d7abc73fdcb73006eb2d43e70
SHA256: 5cc44f56d08673cd0bd6d8f14c30037467371a842b9357b1c07831109629805a
SHA512: bfbea668f730b6981509ac7005a92b4e0255abbaeaed19338a4a149271ffed73cd6313742a6ecd5fa1963f211615614ffe0cefef1ef22b42efa1b5f4b431e5c4
Score: 1/10

Target: $RECYCLE.BIN/$R9E90EG.vbs
Size: 46KB
MD5: 100ebb22e2cc8fe99d14a5fada80c76c
SHA1: 2b5f93cf92d8e054ad750b426811a03bca102b69
SHA256: ddc773175de54d23e42a27b287efbb83df994dfb56984b9c658d46e9c3217f1b
SHA512: 24e0830f6ff0069a5e86b8889744a8e9193f441ccf342e10c66108936423a95a07fbbaf535797f07c78fc1be8b41346cc2f6300f5ad56ec0b48a1f2bf264f242
SSDEEP: 768:pONutlmJQ4XHeRvBTRyjEU5GAJsIWEb2fKYRqp3wCocE7jMYBKvlGtsJe5x3EKWI:CuthDRvBTIjByIHutCqjMYYvY5ofS
Score: 10/10
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: INV-ER001.vbs
Size: 39KB
MD5: d7d8d300388defcdec4a1aa3cbd6e77d
SHA1: 5910727b8e8ca3797958ec85721fc87feec28b7b
SHA256: b39988c2c5ced16ec41dead404b39ebf3c3883f0b2377ada2fa23bb4fa4ef6ba
SHA512: 8bc6d078b5a4b6ed7c782ea3b352e768030f0b9144206c82078ef188f07a9ab92bc6daab12ba3d82ee7391e6e4a7a8227cc27c3e8dbcb2c46bbaef420e6de1e5
SSDEEP: 768:9BjibXdU/GQo4v84N4rjFkeNSAme0MacUadFu9FH6QNIIKHT:/EOe4E4KnF2e4ceFaQNIIKz
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Target: INV-ER002.vbs
Size: 39KB
MD5: 2238d24d82cad992c8760cdeea5829bf
SHA1: e7d1cf1f6832545b9c1332dccaa306c8e052741e
SHA256: d18f284aca26c0d0e2797ed99d9561c5bce04d3618866f5491143198c1f041df
SHA512: 1aa269737f853a7460326092a5cdc914b8da23ec8f4ea777bc49703bc1b80ea2ed0906bfa75aedf05a69fc184e1b3332cf282e296e922617ab5007d88c8d9c41
SSDEEP: 768:4EOirRdePOJBftG0BHREykgSnFBib2s1oJcI4YZncQNvypRlfA:vOwRda+80BxERbF3smJcwNqRlfA
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: System Volume Information/WPSettings.dat
Size: 12B
MD5: c4cbabea753314b8211c532b3a66dc36
SHA1: d87e856dfb0661af451097583f06d2c8083b176a
SHA256: 4b27bf5ea37a69798d79854934ae5b7905cfed33da36d2bb9c686a8f11ece336
SHA512: dbf6442675282a5f50689a96b4af686c813333db9a921da2c29e2cd3503dc49e7365d7a0df6ccb4355abe7c3452b93a407bd60cae67b66df71dc2d6e243e1779
Score: 3/10