General
Target: JaffaCakes118_d12d87e04dc64cbc675d39046f6cd496f84da00d880a721979a11811c8728716
Size: 300.3MB
Sample: 241222-e5g1tstlhz
MD5: df826b38b74eff53eb141474fb2ebe99
SHA1: a13f64639fcd5c200d60c736458b25b7a95c3932
SHA256: d12d87e04dc64cbc675d39046f6cd496f84da00d880a721979a11811c8728716
SHA512: 2b43472ae906cf991927860840361e746714e1e4058038787bee0958d7577c8a01c177b180863db01596571dad353d6cfad28b84b6a969ed564f3ec13df3431f
SSDEEP: 3072:vq1IYuRXuhcSOY/hQ6d1XmRsDvHt02pWJJ67rmvHszvTBFUa:yyY6TYC6d1XjxpWJmryHszvTBFZ
Static task: static1
Behavioral task: behavioral1
  Sample: RVF001.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: RVF001.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: RVF002.vbs
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: RVF002.vbs
  Resource: win10v2004-20241007-en
Malware Config
Extracted: asyncrat
  Venom RAT 5.0.5
  Venom Clients: ry8325585.duckdns.org:6087
  Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
  delay: 1
  install: false
  install_folder: %AppData%
Extracted: https://schoolcrypter.com/dll_startup
Targets
Target: RVF001.EXE
  Size: 300.0MB
  MD5: fdd6bb2ce995b36d49d3196894192988
  SHA1: 9e8b9db35c796ccd6622771ffc5d333038d3333d
  SHA256: a09c85265ae57ce325328a06925d3fbc61021f2ca815d00858c3024ab6f8e3a8
  SHA512: e337f94b47930a8e01ef4877a45578c9e1bf430111a6c27de03f50cee599717e4c0605f01f41d70b2123ef3bf12fb695893965876cd90ac4a17746dc8b7389e2
  SSDEEP: 3072:9q1IYuRXuhcSOY/hQ6d1XmRsDvHt02pWJJ67rmvHszvTBFUa:UyY6TYC6d1XjxpWJmryHszvTBFZ
  Score: 10/10
  Signatures:
    Asyncrat family
    Executes dropped EXE
    Uses the VBS compiler for execution
    Suspicious use of SetThreadContext
Target: RVF002.VBS
  Size: 236KB
  MD5: 7b474b087d336f766ba4cd74067e2786
  SHA1: aac3de5ebd60465dabdd78033637819b68d1e91b
  SHA256: 92d4a215bc6adc95dec27c087a23e307dcebd79b2abcbb76f9f9dc08a70b3e5a
  SHA512: e431562d6a08d91075c8498dd88de3c83a7e21bf627263254f3b62e9f9b5493a34f1f942412865e3bd4bc3bcfc4ff2c8f5223aa0fa58601803d1f43451f50dfe
  SSDEEP: 24:QnODOUWlHllyjOMyE2aL8gVEuMvywFfV7N9Riwnwm43YQ7FYiVLneMDTFv9vPvWE:yKVWtl6OeqyYLQeMHNOSAgHyLKhB
  Score: 10/10
  Signatures:
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence.