General
-
Target
13032024_1703_windows.vbs
-
Size
7KB
-
Sample
240313-kz9fsabc45
-
MD5
3a47e9bac2dc40b84a6b8716664d8956
-
SHA1
4d48fac312f0665c4208dd7200a780aaca4ce61e
-
SHA256
cb6e258f5167046b4e6e7e47a9037e7c31b2232a0f896f403e0805a718b5588d
-
SHA512
bea44385234bbf97e64dbe2f505ab74df64143a5f8376cf5e92f055f7c9856d9d56f622fada3173ef251e0ca7d81d8c6af4aab38cf47a21ea1a4bf5181337d41
-
SSDEEP
192:OhIEa4yGE7pPP2P1tPWeUPfV3PFAPsPx7HmPtzPrP7dJPsbPw2PdCQbPFP1FPZYG:EIz4yGE7pPuzOeUnR20p7G1zzZJC1sQL
Static task
static1
Behavioral task
behavioral1
Sample
13032024_1703_windows.vbs
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
13032024_1703_windows.vbs
Resource
win10v2004-20240226-en
Malware Config
Extracted
asyncrat
5.0.5
Venom Clients
154.30.255.175:8890
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
13032024_1703_windows.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-