General
Target: JaffaCakes118_8c1a00e02263f2e8fdc7e04a3037bbad020006319d569162452aa9d616fa4ee7
Size: 483KB
Sample: 241223-rsg7aaskav
MD5: f84b8f1c47e85dca0ba0725d17571ccd
SHA1: 31788815627f67b3150e133a409b6e8cb8ee0d40
SHA256: 8c1a00e02263f2e8fdc7e04a3037bbad020006319d569162452aa9d616fa4ee7
SHA512: 327d6f6529e970b3a601b29d9613443594364c1ab360c6f1ca2086cb8206ca0e6ec9cd6782420a024bb82eea1d18c36c46c689ff2eadb757ae5a63b572dce98d
SSDEEP: 3072:7QBgL8npOntBnNOTUMBF6kI1hCRFukPxHOhTUV7V:7QBg7t7OQkF6dw3KTy7V
Static task: static1
Behavioral task: behavioral1
  Sample: URFT06GSBAWRP_001_PDF.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: URFT06GSBAWRP_001_PDF.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT 5.0.5
Venom Clients (C2): resulttoday2.duckdns.org:6111
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%
Targets
Target: URFT06GSBAWRP_001_PDF.exe
Size: 300.0MB
MD5: 464753cd8a6523de0fba921ce6846177
SHA1: 6b3b77af1129f9ad86acc31163d8450eacb4dbd3
SHA256: 3221a50204afcf59f4a836680d1e484903ac3aa389c2105d059efc51b8461092
SHA512: 589d0919ddf11d1e8e8eff15a0f78623742e5ab6b16e2b754f519f3bfc7912ccd6c43ad5ffe5c0e11c315f9835936b6b2039dc579527d50cb25333844b0876f2
SSDEEP: 3072:1iJZ3k2p8jrvVIYkwur2JMBZ6kINhCRFuaABOUEs64BRg40nOFblHTgr4:1OyRr9u1KJkZ6dIYBUeBRgOlWU
Score: 10/10
Signatures:
- Asyncrat family
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
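The extracted configuration above gives three IOCs worth hunting for (the DuckDNS C2 host and port, the mutex name, and the SHA-256 of the archive and of the dropped executable). The script below is an added example, not part of the sandbox report or of the malware: it turns those values into a small hunt over key=value log lines. The log lines are constructed for illustration, and the event names (DnsQuery, NetConn, MutexCreate) and field names are assumptions rather than the format of any product. Two points a practitioner should notice: the mutex name contains a space, so a parser that splits on whitespace will never match it, and the C2 is a dynamic-DNS name, so the script keys on the address the hostname resolved to in the same log instead of on a hard-coded IP. Treating network activity from vbc.exe as suspicious is an inference from the signatures "Uses the VBS compiler for execution" and "Suspicious use of SetThreadContext", not something the report states. The hash helper streams the file because the dropped executable is 300 MB inside a 483 KB archive, which is almost certainly padding.

```python
"""Hunt for the IOCs in this sandbox report: C2 host/port, mutex, file hashes.

Added example; not part of the report and not the malware's code. The
key=value log lines below are constructed, and the event and field
names are assumptions, not the schema of any particular product.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Values copied verbatim from the extracted configuration and hashes above.
C2_HOST = "resulttoday2.duckdns.org"
C2_PORT = "6111"
# The mutex name contains a space; anything that splits on whitespace misses it.
MUTEX = "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC"
KNOWN_SHA256 = {
    "8c1a00e02263f2e8fdc7e04a3037bbad020006319d569162452aa9d616fa4ee7": "submitted archive",
    "3221a50204afcf59f4a836680d1e484903ac3aa389c2105d059efc51b8461092": "URFT06GSBAWRP_001_PDF.exe",
}
# Inference from the report's signature names (VBS compiler + SetThreadContext),
# not a fact the report states: vbc.exe talking to the network is suspicious.
INJECTION_HOST = "vbc.exe"


@dataclass
class Hit:
    line_no: int
    reason: str
    line: str


def sha256_stream(chunks: Iterable[bytes]) -> str:
    """Hash an iterable of byte chunks so a padded 300 MB file is never read whole."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def sha256_of_file(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_stream(iter(lambda: f.read(1 << 20), b""))


def label_for_hash(digest: str) -> Optional[str]:
    """Map a SHA-256 to the artefact name from the report, or None if unknown."""
    return KNOWN_SHA256.get(digest.strip().lower())


# key=value pairs whose values may contain spaces: a value runs until the
# next " key=" token or the end of the line. Needed for the mutex name and
# for paths such as "C:\Program Files\...".
KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|\s*$)")


def parse_event(line: str) -> Dict[str, str]:
    return dict(KV.findall(line.strip()))


def scan(log: str) -> List[Hit]:
    """Flag lines matching the report's IOCs; hits are returned in line order."""
    hits = []
    c2_ips = set()  # addresses the C2 hostname resolved to in THIS log
    for n, raw in enumerate(log.splitlines(), 1):
        ev = parse_event(raw)
        kind = ev.get("Event")
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if kind == "DnsQuery" and ev.get("QueryName", "").lower() == C2_HOST:
            # Dynamic DNS: remember the answer instead of hard-coding an IP.
            c2_ips.update(ev.get("QueryResults", "").split(";"))
            hits.append(Hit(n, "DNS query for C2 host", raw))
        elif (kind == "NetConn" and ev.get("DestinationPort") == C2_PORT
              and ev.get("DestinationIp") in c2_ips):
            hits.append(Hit(n, "connection to resolved C2 IP on C2 port", raw))
        elif kind == "NetConn" and image == INJECTION_HOST:
            hits.append(Hit(n, "network activity from vbc.exe (possible injection)", raw))
        elif kind == "MutexCreate" and ev.get("Name") == MUTEX:
            hits.append(Hit(n, "Venom RAT mutex created", raw))
    return hits


# Constructed sample log (not from the report). Lines 1, 2 and 4 should hit;
# line 5 reuses the C2 IP on port 443 and must NOT hit on port alone.
SAMPLE_LOG = """\
2024-12-23T15:41:02Z Event=DnsQuery Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe QueryName=resulttoday2.duckdns.org QueryResults=203.0.113.10
2024-12-23T15:41:03Z Event=NetConn Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe DestinationIp=203.0.113.10 DestinationPort=6111
2024-12-23T15:41:03Z Event=NetConn Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=198.51.100.5 DestinationPort=443
2024-12-23T15:41:04Z Event=MutexCreate Image=C:\\Users\\user\\Downloads\\URFT06GSBAWRP_001_PDF.exe Name=Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
2024-12-23T15:41:05Z Event=NetConn Image=C:\\Windows\\System32\\svchost.exe DestinationIp=203.0.113.10 DestinationPort=443
2024-12-23T15:41:06Z Event=DnsQuery Image=C:\\Windows\\System32\\svchost.exe QueryName=update.example.net QueryResults=192.0.2.8
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.reason}")
```

Port 6111 by itself is not treated as an indicator: the script only flags a connection when the destination address was returned for the C2 hostname earlier in the same log, which is what makes the rule survive the DuckDNS address changing. To check a file on disk against the report, pass its path to sha256_of_file and look the digest up with label_for_hash.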