General
-
Target
JaffaCakes118_d6759962ca644dd8a950d33c55b7b799a731540eb73166e29257a0e4139be7f5
-
Size
8.0MB
-
Sample
241221-w24tvswjht
-
MD5
8941ee85726c886a7a32ba0be8865212
-
SHA1
8bbd7c93c7664e6b3d07c65007d2bd1f1a7806ba
-
SHA256
d6759962ca644dd8a950d33c55b7b799a731540eb73166e29257a0e4139be7f5
-
SHA512
aedd101bde18e34292d9ea5e41285f70372ee0d207f037d812a157a0d53753941da3640d2915f04afc76e3193e88c655a8939e4c3e79e090dc26070623ef286c
-
SSDEEP
12288:0b9Xn7Mu3qI70cNLTv3rb9Xn7Mu3qI70cNLTv3z7s8IyZV:0JX7MA0cNH3rJX7MA0cNH32yX
Static task
static1
Behavioral task
behavioral1
Sample
6002845UDOOPZE.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6002845UDOOPZE.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
Venom RAT 5.0.5
NOV-7(VHD)
saddlepoint.duckdns.org:25045
q0qeiwx9cj
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
Target
6002845UDOOPZE.exe
-
Size
301.0MB
-
MD5
a0101393af76c8defc685601bf00b050
-
SHA1
06deea9b7e544d86599c27e77b02193ba8ea65d7
-
SHA256
2b28db92f130ef4d71ccfbc40b2456e2f82ea645a9d493f681269fe08e277cb2
-
SHA512
cd59e33c5238445e5947775d57867204e8917232bd3a19787d20e269cba8dd8396ecf43f693480d4326b3725bf785b5c17e15ca7e81a836cfd5acc056e77d19a
-
SSDEEP
3072:Ixrfsl33+seYAlFpKb45eoUeGo2mT9Vua0Hi:67s8pKrlePZV
Score
10/10
-
Asyncrat family
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-