Overview

Static task: score 10/10

Behavioral tasks (score / sample / platform):
1/10   google/INV...BA.url   windows7-x64
1/10   google/INV...BA.url   windows10-2004-x64
1/10   google/INV...AA.url   windows7-x64
1/10   google/INV...AA.url   windows10-2004-x64
1/10   google/dial.lnk       windows7-x64
3/10   google/dial.lnk       windows10-2004-x64
7/10   google/file.bat       windows7-x64
8/10   google/file.bat       windows10-2004-x64
8/10   google/file.ps1       windows7-x64
1/10   google/file.ps1       windows10-2004-x64
10/10  google/file.vbs       windows7-x64
8/10   google/file.vbs       windows10-2004-x64
10/10  google/iz.ps1         windows7-x64
1/10   google/iz.ps1         windows10-2004-x64
1/10   google/kam.cmd        windows7-x64
1/10   google/kam.cmd        windows10-2004-x64
10/10  google/las.cmd        windows7-x64
1/10   google/las.cmd        windows10-2004-x64
10/10  google/pw.ps1         windows7-x64
1/10   google/pw.ps1         windows10-2004-x64
10/10  google/py.ps1         windows7-x64
1/10   google/py.ps1         windows10-2004-x64
10/10  google/quark.ps1      windows7-x64
1/10   google/quark.ps1      windows10-2004-x64
10/10  google/time.ps1       windows7-x64
1/10   google/time.ps1       windows10-2004-x64
10/10  google/update.vbs     windows7-x64
8/10   google/update.vbs     windows10-2004-x64
10/10  google/upload.vbs     windows7-x64
8/10   google/upload.vbs     windows10-2004-x64
10/10  google/version.bat    windows7-x64
1/10   google/version.bat    windows10-2004-x64
General
Target: 19042024_0735_google.zip
Size: 33.6MB
Sample: 240419-jgm96ach9x
MD5: b8c2264581d1327bb282e3e71914676f
SHA1: d65cf9bbd1cb8d4bb0d736575b4283d4b62f8a91
SHA256: d4f575cced861efb0d1d18469cc0ec6da2df483bfee7e1b22769f1d088e12dc4
SHA512: f5fe961adfd2405f343d5682eee23f5966aab5f7616b01d214af6a2ab628c8b04f0333b027c0676f21e75e94ac26e55225dd4bf8808999d49453e2a27bd53e71
SSDEEP: 786432:66ELfONo5NXT4rW7R0jz9RZWxfn07oeUUGetl2DjJKJ9sCBpKRNkBnADW4W2Megu:/ETKo5NDv7Roz9R4fnSiUhTIjkJreRQK
Static task: static1

Behavioral tasks (task: sample, resource):
behavioral1: google/INVOICE-RVSA03HDSVBA.url (win7-20240221-en)
behavioral2: google/INVOICE-RVSA03HDSVBA.url (win10v2004-20240412-en)
behavioral3: google/INVOICE-RVSA03HDSVBAA.url (win7-20240319-en)
behavioral4: google/INVOICE-RVSA03HDSVBAA.url (win10v2004-20240226-en)
behavioral5: google/dial.lnk (win7-20240221-en)
behavioral6: google/dial.lnk (win10v2004-20240412-en)
behavioral7: google/file.bat (win7-20240220-en)
behavioral8: google/file.bat (win10v2004-20240412-en)
behavioral9: google/file.ps1 (win7-20231129-en)
behavioral10: google/file.ps1 (win10v2004-20240412-en)
behavioral11: google/file.vbs (win7-20240221-en)
behavioral12: google/file.vbs (win10v2004-20240226-en)
behavioral13: google/iz.ps1 (win7-20240221-en)
behavioral14: google/iz.ps1 (win10v2004-20240412-en)
behavioral15: google/kam.cmd (win7-20231129-en)
behavioral16: google/kam.cmd (win10v2004-20240412-en)
behavioral17: google/las.cmd (win7-20240220-en)
behavioral18: google/las.cmd (win10v2004-20240412-en)
behavioral19: google/pw.ps1 (win7-20240221-en)
behavioral20: google/pw.ps1 (win10v2004-20240412-en)
behavioral21: google/py.ps1 (win7-20240221-en)
behavioral22: google/py.ps1 (win10v2004-20240412-en)
behavioral23: google/quark.ps1 (win7-20240221-en)
behavioral24: google/quark.ps1 (win10v2004-20240412-en)
behavioral25: google/time.ps1 (win7-20240221-en)
behavioral26: google/time.ps1 (win10v2004-20240226-en)
behavioral27: google/update.vbs (win7-20240215-en)
behavioral28: google/update.vbs (win10v2004-20240412-en)
behavioral29: google/upload.vbs (win7-20240221-en)
behavioral30: google/upload.vbs (win10v2004-20240412-en)
behavioral31: google/version.bat (win7-20240220-en)
behavioral32: google/version.bat (win10v2004-20240412-en)
Malware Config

Extracted: asyncrat
Version: 5.0.5
Botnet: Venom Clients
C2: kdfsv.duckdns.org:8890, undjsj.duckdns.org:8890
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
Attributes:
- delay: 1
- install: false
- install_folder: %AppData%

Extracted: xworm
Version: 5.0
C2: kdke.duckdns.org:8896
Mutex: QEL4wgqwsRH2WthB
Attributes:
- install_file: USB.exe

Extracted: xworm
Version: 3.1
C2: nmds.duckdns.org:8895, jdokds.duckdns.org:8895
Mutex: O3B5rRVaa3oX74CD
Attributes:
- install_file: USB.exe
Targets

Target: google/INVOICE-RVSA03HDSVBA.url
Size: 150B
MD5: d5c34720ad7e0e29bcd724c00ac9491e
SHA1: 8d59449befafa7b638bf364d4467de187282d4e7
SHA256: dce876e5de5ce757fd8e9a6ee85b194e151c1ace3be07f361356ca5d62251a81
SHA512: 5f79513aa958de3c66f1b137f52321f8f4408fdfa64efc19ef72fedb02d898807b6e2b5689b9fa3edc129e2912e5cdc706abeea42890ce8645fff6ff777efd34
Score: 1/10

Target: google/INVOICE-RVSA03HDSVBAA.url
Size: 149B
MD5: a24d9a27e90f312716c1b043563acbe2
SHA1: 469084d448acef98df310716aea90a8cbd7524c6
SHA256: bb3a6fb019866692164261ca3df1c910831939107cbb14e2ca6c897d164b8a3e
SHA512: 8f97eb3c1dd5515c2b62b26e2e8fec58542ffcd10bc7d63c0d8dfd1557457b9405509f3be582788024dc113bc6ef20a1e421b44b32a1a790be7f31e9f1070f0b
Score: 1/10

Target: google/dial.lnk
Size: 1KB
MD5: b42626d610570601118af8b237e3b710
SHA1: 4d56996318e9186c2705395dddb442e54e3b81c7
SHA256: 612272923012bbff2a2ed5d7cb75954213b625b53bc74ad124f53f21b1f56992
SHA512: 17a2d046a8a69b2ef11b249cd0374ba81fa7f2b1db7bcd92b2ea8252f137c02caa8dc0e1d27d8808085ca425da6b83c66f18e0bff9da2e8d31fd45062ba9d77e
Score: 7/10
Signatures:
- Checks computer location settings: looks up country code configured in the registry, likely geofence.

Target: google/file.bat
Size: 2KB
MD5: 47737b3cdff92450dfff3b683b940b00
SHA1: 1f3e5a8b0481e789b95322ef0a8492c07838259b
SHA256: 76c376c91bdc33f071b1bf4bc299d058d11bad330c1726711f679a5cdbeba7da
SHA512: e7d14ca6777ac2e770bcd7dd048ace050e2c25d975fddf2bddfccc4c69fa659771b6856db4e913d2059dd6ace66982fcdb5c8dd9034c84bf2514f5e9736903d0
Score: 8/10
Signatures:
- Modifies Installed Components in the registry
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

Target: google/file.ps1
Size: 13.0MB
MD5: 20788a06a96ae4d92417ace4661d559a
SHA1: 239d40f67c27ae2e70c698237a3b27401ef5d37a
SHA256: 8cc2612a8d44d4aebad26bd6ea254ad25f959497391ccfff127a56fad42eb4d5
SHA512: c3bcb3bbf117a933738a85590cf98f0fbd7f995c2b5a559850f089111aac87a774c42110da4237f31bd49a9d7ae2751d77eb3f72aac130c81163c13d58383511
SSDEEP: 49152:QZuX/CRIRerx1exkxTf0i0vcfo/wFlAPp5Bl0jNlD33oi:
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload

Target: google/file.vbs
Size: 112KB
MD5: 29610513449d2e86092c8ebb5489c714
SHA1: 92e5fa9c0dd723c3fa91342883348364514a297b
SHA256: 6f31464838059f8884d38ebd4569e5fba95562724baa0269213aeb18d000d258
SHA512: 18e3f8680fd21f5db3a527d137109e273727b7531d52dd15c47f3a96fcc80bd9ca1acec33ab9987e687d3d5ced41dc3f1c97db2ba4cf3f50bcad403a2cae9e4a
SSDEEP: 1536:2q7JZCQkx0kU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:2q7JZCQAZU1DHFUGmgURDFBe0tKl9CP4
Score: 10/10
Signatures:
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: google/iz.ps1
Size: 1022B
MD5: a2c5ac23463aba29658f4857a9dc3c36
SHA1: 051fd9d95aaded97058bfc4f6183bfd92a6e66fc
SHA256: c1235f0cefde4c3e8ebe26b07159505ca219fcfd7ef2dd75433ebfe424343a2d
SHA512: 66c09ef0c5dc9ed94c9848a5d056ba63249439320569e86408817bcb677265b51ab10b9a4c0f5ac0d56cc09d4859a492741e230e0ffb50f2553e797c604424c2
Score: 1/10

Target: google/kam.cmd
Size: 63KB
MD5: 8c278ad6dd06fbcd0a767e744b62c785
SHA1: e30a7793d54f89e1a364e0fbe710686c43a7be88
SHA256: 7be0bbf4d2a43ff457f55453d03b1cd85b7541396f7823ae51003b271fa0b0bc
SHA512: 36721787b046e00e3d183e7d83cdb3263ae151fd080e57e331e0f10667d04fca5412092249920f6566d5d8a640ecb819539103e1606599095be0af7fe9fd18b2
SSDEEP: 1536:r5JAG4vBFdvhBqi69GQys/xQ+sNIh/tQW9odEd/cLl:jSBFthBqiyZQzNFW2Ll
Signatures:
- Detect Xworm Payload
- Blocklisted process makes network request

Target: google/las.cmd
Size: 62KB
MD5: 0f4e4a34957f9fe83f27d546b84a45b5
SHA1: 061e7e22532a040216599172d95e4a6c9e182f5c
SHA256: 017776a2a973c92abe751035c0ab51477a70c8f708f6b11f77d26a918f540550
SHA512: edf085d79f63e92fa4a991d3f0d89d638bac80ed7a625021ffe3bd7a10bbecd123a433e29f213d50e93a39954f23b1ae2c639a8cd7795f186423440514455329
SSDEEP: 1536:BaaKPbwiQ6umEAOHVGb6jxS7C2NxQlZgwJjALiqn/VM8g:BaapiQ6XOHwb6jR2Nx0JjALiqn/VM8g
Signatures:
- Detect Xworm Payload
- Detect ZGRat V1
- Blocklisted process makes network request

Target: google/pw.ps1
Size: 13.0MB
MD5: 249ff445b626b67825fac1bddfc438fe
SHA1: 04e58edfaf33614dcdbcf8e83f92eca2b54ef0ca
SHA256: b3b5020cc31affe0bfe606f66f02ca7467a1c9fd403c46ccf8a3b884b8a67443
SHA512: 2e364f28a692fab129d171627b06a0c422074dd56d94348962919ee8793fd35eaa092418c8d3f9a2a54a9d9dc69a72c77b159d5cdcc690e280f78dcb4e4e07b9
SSDEEP: 49152:UZeetsZuLotjcY3pFrWRxAOio2FETy6QpV/:
Signatures:
- Detect Xworm Payload
- Detect ZGRat V1
- Suspicious use of NtCreateUserProcessOtherParentProcess

Target: google/py.ps1
Size: 13.0MB
MD5: 7b39704c31b1737acfe3fd4d5c2b484c
SHA1: 21afe7606b8b55b6f99e7bfb798a1f82a1c1c96a
SHA256: d8fb42967c3a5ad703a9bfa2ed0a5e037646e9f04e55009220b94a8a8326b564
SHA512: e47887922094c24e4855c6e3a5d124de817ced17a87e7e7cdd8129e851cc3054e27c958c0c784167b743669dfa2786abd3f8e1524b2c4c2bcb7acde54b1a4357
SSDEEP: 24576:rpyaxmgWghevRgMNxAuL9jZXOPFIsKgSo2cMkTCJeyS/eM8dCXqNb9m6Kx/pOgWW:6mVhTP3+SVb02XpOoxz3pM1xqZzSXX
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload

Target: google/quark.ps1
Size: 13.0MB
MD5: 918d10fa6fd003a0bea73d2ba50538e0
SHA1: a089fbb17927d4a84d25e910b3d0cc7ea12faf1f
SHA256: 4e842547867c928696600f51943bb9611adb9afc4741358fd5a97f28dcabfcf5
SHA512: a442521361cfdfd43f13250cb2b995a6e20713cf5559b504b2e3bc38ef12106a44f9e2eb279be200d73fa74559eeef7fa884d5dd2d85338dba846483290c1638
SSDEEP: 24576:rWFjASpSiK44861Lh5Z5wt0WxLQ/qA31hC/v18Oa7OPgp6YxuYTj3bfQJ3gFKpLh:SyItZfFNKCIRqiEu54Hvp1jW1o96lj
Signatures:
- Detect Xworm Payload
- Detect ZGRat V1
- Suspicious use of NtCreateUserProcessOtherParentProcess

Target: google/time.ps1
Size: 13.0MB
MD5: d29cd28669066f49c38744164a8f44f3
SHA1: 928fe3573053822d55a9bfcc7790ce1cbde907f1
SHA256: d6cc2576c06a2c08834e11734dd4b7aae559ddb335e901a98ec215cec315f489
SHA512: b66db9fc5d501f0207f01e622a2aa99eca7f2d5e1d0a3eaa2cbab510f39d4cae4fe0a557dc697515e426791bd29125e7811ccaf2ae8a5a8b635f7008eb0522e1
SSDEEP: 49152:cNvbOQjSUP4oM+ymOWEMK0aG59jNA/0v44:
Signatures:
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess

Target: google/update.vbs
Size: 111KB
MD5: 94feecc2b69e9b1557f88b827dc3cbdb
SHA1: 929227dfec9f1525958075ca46611b5cf04173b1
SHA256: 464b5f5018afa78fbbbf600f035c777574acb6d3074bc86cbc18d1a82bc0d22c
SHA512: 82589f8b832fc614062425855d9eef4651a0fbf6bdbec380955ecd1f1ead874b19a338bbdb71631d8dada3ac71a1e4d90e3290705d5f443878ee5b864f499489
SSDEEP: 3072:7DGZL8GCViU1DHFUGmgURDFBe0tKl9CP4:7CZLO
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: google/upload.vbs
Size: 111KB
MD5: fd209cb2a6b4b2a30bdd555b6bfe07de
SHA1: 4254546335db28c8e01ffa222660e64726d655b4
SHA256: 479619ff2c733e5a890826c88fa2fa827a380275899b0390a59622c1a3bfa53b
SHA512: e9f2332a6f054c77a68714856057e55a971b59ebf0f987b5b2b26dcd41320fc6c19b844a897f8f8830031d210a6bd0a75bb2981cf91ac3a283ec575c6dd16902
SSDEEP: 1536:+MzRLjSUU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:+kLjSUU1DHFUGmgURDFBe0tKl9CP4
Score: 10/10
Signatures:
- Detect Xworm Payload
- Detect ZGRat V1
- Blocklisted process makes network request
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: google/version.bat
Size: 2KB
MD5: 9ae07d6712738911e152d68f131ff92d
SHA1: dad1b3e80fcf87a39e14577eb8421cf5baccf9f8
SHA256: 7ed6a024ab99ca25ac07d8484d53b8846493f17d8dfdfe941732433de5bac12b
SHA512: 2e603bcd8ec0e5c71ea8e0ad01acca94270c8b756d92af40a8f0d4edd3f5e5e503f4b9a1968105f1d32b39b2be7ad27692fd7feb31e1b308bf285954c7040805
Score: 1/10