General
Target: x1.zip
Size: 20KB
Sample: 240201-ts9mmsbfej
MD5: 85f4f6d331e96a903d3a727063427392
SHA1: 564b5341097e98ea23405d4fcb6883644f2b0059
SHA256: 0dd04898c789de9ad4621fc2ef578a2e3bc486251a52869bdc7b66ff898083e9
SHA512: 182ed0a5492e3863f54c782654531091ee62387af3ba36e5669d3738e76e786cce0569d411ec58480354741c2d0f40034ce86e7f0a3b253d25599db0003dd9ba
SSDEEP: 384:r80FCUqk8BJuaRSRodVUbYbPybpMcRrkDLOsx2wGIc7O6n45MDlLqHUGc:r8kykLxb/ts2ICOh5MzGc
Static task: static1
Behavioral task: behavioral1
Sample: INV-HB002.vbs
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: INV-HB002.vbs
Resource: win10v2004-20231215-en
Malware Config
Extracted
asyncrat
5.0.5
Venom Clients
momenttoday550.duckdns.org:8890
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: INV-HB002.vbs
Size: 39KB
MD5: f1ba5c9839c03d459473610ff2b4130b
SHA1: da9ef99a576597faec6a0c53a95abd82ed742e43
SHA256: 668ab01816bd3b0e83604ae81eb0e516953783108f59734e7412065b7408bba1
SHA512: 0111dacdf991d474d9c6ca5d4347d56d9d79957f9d6af851bc754a7da1ebd27df9c4059d54f4c2141c7285dbe8815ef857fa5eb0f5b2e79659df26535d7f1abb
SSDEEP: 768:75ipq4ZbDxnT2FVOkhDwhR1G0O8YfCHXzWcoCxAXlj7ItJAw:1EqqN0V5CXlZHycVwAtJAw
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext