General
Target: rupdate.cmd
Size: 61KB
Sample: 240311-yrrgwsch4w
MD5: e2c6aa50d199d28c6c91c31f4a0cecad
SHA1: 281110edb18aa02b0f7bda95842bbfc89fa18df3
SHA256: ff563d075c5fc7628d94f0d8e4c3d594bb1cefb40faa995211d5bd854f87573b
SHA512: 769f9fdff4bb299047733cc899303b1c4af2db0c72dba2aa13c7f1635c8256ee3e06a5ff46755f6c337fb4a87ae0c6d07288cc21fba84d2fa54800a8553a75cf
SSDEEP: 1536:fvRba4CqbY73esiV0iqdvcl0odSVZnm+C:XsfesipWvUw2
Static task: static1
Behavioral task: behavioral1
Sample: rupdate.cmd
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: rupdate.cmd
Resource: win10v2004-20240226-en
Malware Config
Extracted
asyncrat
5.0.5
Venom Clients
momentdhs.duckdns.org:8897
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: rupdate.cmd
Score: 10/10
Async RAT payload
Blocklisted process makes network request