General

Target: JaffaCakes118_9160c4962d732d3bedfbb9da1634c2393b6564fc5b1f8a1ce62de5a4ed172e8b
Size: 567KB
Sample: 241224-cyjvqsyrez
MD5: 0ca38bd4a3bea8fe36c7433d1d86a90b
SHA1: 2221a3c0cc49dc5b97ca36b3a4959424f93ed69f
SHA256: 9160c4962d732d3bedfbb9da1634c2393b6564fc5b1f8a1ce62de5a4ed172e8b
SHA512: 6ea4ce128f39192cd2c32041e021e1fd2e89baa779a44ba8e113999ee4665f9eaefee3bd803b7e46e43323492431506e2cc067094e1cf668fc1264e6f398d8aa
SSDEEP: 12288:64BR71eFL+FzE4b5dg8+7oN4gW/PppxPqGgXCjvEFdSLZPTvy:64BneFL+F1b5dIaW/zxPsyTidqNvy
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: BXA09QOPKJHVRFVU_001_PDF.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: BXA09QOPKJHVRFVU_001_PDF.exe, Resource: win10v2004-20241007-en)
Behavioral task: behavioral3 (Sample: RWVQ04HDJSNYKSDF03BD_002_PDF.vbs, Resource: win7-20240708-en)
Behavioral task: behavioral4 (Sample: RWVQ04HDJSNYKSDF03BD_002_PDF.vbs, Resource: win10v2004-20241007-en)
Malware Config

Extracted: asyncrat
Venom RAT 5.0.5
Venom Clients: gratedmonth.duckdns.org:8890
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false
install_folder: %AppData%

Extracted: http://20.106.255.48/dll/lnk.pdf
Targets

Target: BXA09QOPKJHVRFVU_001_PDF.exe
Size: 300.0MB
MD5: 5b5b1099d3adbfba6ac4a0fe2c2a032e
SHA1: a0bfb095d19e54dd13f120b5b863c9ed9e02e7f7
SHA256: 521c835ad73fb2d4e932e2cb36a5f95377f0314384339e5e18adc3e85238cd14
SHA512: c599cf5b2b04e871c45c884dc201f94f1038e96184610afa9a725349a590577fd823355b51fafb9a7f8aa8d8e78f724e936fac7e6e811dacc4060a25a41e8372
SSDEEP: 3072:Z2eAJ+sffO8Q335Bdq5mV4LcPz3ipe+ZUjUcwtJFu4Ki:Z2Ssen35Bdq5mVUcr3ipJcUFuni
Score: 10/10
- Asyncrat family
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
Target: RWVQ04HDJSNYKSDF03BD_002_PDF.vbs
Size: 129KB
MD5: 1befa9ba6ebbb499691b9ba6e4dec4ae
SHA1: a39f41c971b09a4928c86717deab8cfb5242bc52
SHA256: f119b656cd5a8a68ac35e37d8da3b090300757afda4616f67ba13369f20e459c
SHA512: 91f7550d39963faa56df8116fadd44977fffbc22a0d92e2c43f95116276fa154633785a7bf1f0c5d1e644211f880ea44a57968a85670f5481cacdef67a96a06b
SSDEEP: 48:qTlqlqlqlqlqlqlqllgu3gMg1gxg9gfgdWegXgtogEPgNogZg2gkgE3Vo9jgLE3M:eAAAAAAAN/edkUDVo9teK7vtReq0yO
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.