General
Target: EmployeeBenefitsBonusDocs2024.vbs
Size: 66KB
Sample: 241217-tyttdatpaq
MD5: db10d2a27be78c780e5757b46a265e6d
SHA1: 36f720617c0f2eb5fd700dc06714fb069dea7eb9
SHA256: 6096bee06cb4d3d603d6e200d9c4a81f80c1b0fb892fd05cb56c85d50e52c83d
SHA512: 58e90ac9142a2221c24bf82eb24207097c2d1121c005db1533c646ce2ed461fc1318eab619a524930094711554436ca02de05a722d12cbad0cbed7da33f307c7
SSDEEP: 1536:813BEKsxa+9hxSiZUq50BPW8TzigIMGX5TXx2ChW3/V79j8:/KMaYhciZtuFVVIMGJXx2P8
Static task: static1
Behavioral task: behavioral1
Sample: EmployeeBenefitsBonusDocs2024.vbs
Resource: win7-20240729-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Dec2024
45.88.88.7:6845
zmkdvkzgwmnzhgvxwwk
delay: 1
install: false
install_folder: %AppData%
Targets
Target: EmployeeBenefitsBonusDocs2024.vbs
Asyncrat family
Venomrat family
Async RAT payload
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.