General
Target: JaffaCakes118_5e1927efa5893ea03dedbcbfd93bd55e502e842ab8f0f868377838b9ae200ee5
Size: 1.2MB
Sample: 241224-l6jpdavmak
MD5: a7403056211362016991f0be3978717d
SHA1: d9bf42c6d89905cd9e0b295ea366d557fae24f50
SHA256: 5e1927efa5893ea03dedbcbfd93bd55e502e842ab8f0f868377838b9ae200ee5
SHA512: b5f217078dd9ccde52cc73aff69d206e3ab7b5b4bf1571824d66d7a4d8cd178e6c81484de453cb9436dd83e018a07fe8f4851eb346b8fadff586b6d7da9667bc
SSDEEP: 1536:VC0IkZJp0BF0TUvg2wGzZQc6+cKKqymrpROIX3PdeNVJ:Q1I0z0ov5tQ3bNqymWIHlWJ
Tasks
Static task: static1
Behavioral task: behavioral1 (sample QWEDFGHNM01LKJNB70.exe, resource win7-20240903-en)
Behavioral task: behavioral2 (sample QWEDFGHNM01LKJNB70.exe, resource win10v2004-20241007-en)
Malware Config
Extracted
Family: asyncrat (Venom RAT 5.0.5, an AsyncRAT derivative)
Venom Clients (C2): g896696.duckdns.org:7343
Mutex: Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
delay: 1
install: false (the client does not copy itself to install_folder, so %AppData% is not a persistence indicator for this build)
install_folder: %AppData%
Note: the C2 host is on DuckDNS, a dynamic DNS service, so pivot on the hostname and port rather than on whatever IP it resolved to during the sandbox run.
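The extracted configuration above is the part of the report worth turning into detection logic, since the C2 hostname, port and mutex survive repacking while file hashes do not. The following is an added example (not the sandbox's or the RAT's own code) that flattens the config into indicators and runs them over a few constructed, simplified Sysmon-style log lines; the log format, the documentation-range IP addresses, and the use of vbc.exe as the host process (inferred from the report's "Uses the VBS compiler for execution" signature) are all assumptions.

```python
"""Hunting helpers built from the Venom RAT config extracted in the report.

Added example, not part of the sandbox report. Log lines are a constructed,
simplified Sysmon-style "key=value|key=value" format; field names follow
Sysmon (EventID 22 = DNS query, 3 = network connection, 1 = process create).
"""
from __future__ import annotations

# Values copied from the report's "Malware Config" section.
VENOM_CONFIG = {
    "family": "asyncrat",            # Venom RAT 5.0.5 is an AsyncRAT derivative
    "c2": [("g896696.duckdns.org", 7343)],
    "mutex": "Venom_RAT_HVNC_Mutex_Venom RAT_HVNC",
    "delay": 1,
    "install": False,
    "install_folder": "%AppData%",
}

# Constructed sample telemetry (not from the sandbox run). 203.0.113.10 and
# 198.51.100.7 are documentation-range addresses; vbc.exe as the injected host
# process is an assumption based on the report's signatures.
SAMPLE_LOGS = """\
EventID=1|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe|ParentImage=C:\\Users\\victim\\Downloads\\QWEDFGHNM01LKJNB70.exe
EventID=22|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe|QueryName=G896696.duckdns.org|QueryResults=203.0.113.10
EventID=3|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe|DestinationIp=203.0.113.10|DestinationPort=7343
EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationIp=198.51.100.7|DestinationPort=443
EventID=3|Image=C:\\Windows\\System32\\svchost.exe|DestinationIp=203.0.113.10|DestinationPort=80
"""


def iocs_from_config(config: dict) -> list[tuple[str, str]]:
    """Flatten the extracted config into (type, value) indicators for hunting."""
    iocs = []
    for host, port in config["c2"]:
        iocs.append(("domain", host.lower()))
        iocs.append(("c2_endpoint", f"{host.lower()}:{port}"))
    iocs.append(("mutex", config["mutex"]))
    # install=false means no persistence copy is written, so install_folder is
    # not an indicator for this build; only emit it when install is enabled.
    if config["install"]:
        iocs.append(("install_folder", config["install_folder"]))
    return iocs


def parse_line(line: str) -> dict[str, str]:
    """Parse one constructed "key=value|key=value" log line into a dict."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def match_iocs(log_text: str, config: dict) -> list[dict]:
    """Match config-derived indicators against log lines, pivoting DNS -> IP.

    Because the C2 is on dynamic DNS, the IP is learned from the DNS event
    rather than hard-coded, then used to classify later connections.
    """
    c2_hosts = {h.lower() for h, _ in config["c2"]}
    c2_ports = {p for _, p in config["c2"]}
    resolved: dict[str, str] = {}   # ip -> C2 hostname learned from DNS events
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == "22":
            qname = ev.get("QueryName", "").lower()
            if qname in c2_hosts:
                for ip in ev.get("QueryResults", "").split(";"):
                    if ip:
                        resolved[ip] = qname
                hits.append({"rule": "c2_dns_lookup", "confidence": "high",
                             "indicator": qname, "image": image})
        elif eid == "3":
            ip = ev.get("DestinationIp", "")
            port = int(ev.get("DestinationPort", "0"))
            if ip in resolved:
                # Same IP on the configured port is the C2 channel itself;
                # another port on that IP is still worth a medium-confidence hit.
                tier = "high" if port in c2_ports else "medium"
                hits.append({"rule": "c2_connection", "confidence": tier,
                             "indicator": f"{resolved[ip]}:{port}", "image": image})
        elif eid == "1":
            # Heuristic (assumption): vbc.exe spawned by something outside the
            # Windows or Program Files trees is unusual for a build tool.
            parent = ev.get("ParentImage", "").lower()
            if image.lower().endswith("\\vbc.exe") and not (
                    parent.startswith("c:\\windows\\") or parent.startswith("c:\\program files")):
                hits.append({"rule": "vbc_host_process", "confidence": "medium",
                             "indicator": ev.get("ParentImage", ""), "image": image})
    return hits


if __name__ == "__main__":
    for ioc in iocs_from_config(VENOM_CONFIG):
        print("IOC", *ioc)
    for hit in match_iocs(SAMPLE_LOGS, VENOM_CONFIG):
        print(hit)
```

On the constructed input the matcher yields the vbc.exe launch from the downloaded executable, the DNS lookup of the C2 host (matched case-insensitively), the high-confidence connection on 7343, and a medium-confidence connection to the same resolved IP on port 80; the Firefox connection is ignored. Real Sysmon exports will need a different parser, but the DNS-to-IP pivot and the install-flag handling carry over unchanged.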
Targets
Target: QWEDFGHNM01LKJNB70.exe
Size: 300.0MB
MD5: dc03290442587a0f396214227b2a95c3
SHA1: 6c25ed2e5f38277405b11c162c6e347dd13f80b1
SHA256: 3a0c56f5de394f437e20cd22718e1feb0a3d66aeb13fb60f4b5a61e04bfea2f6
SHA512: e5a62ef9d41b66e5f7e5ffd6861bcdbb7d34ee81ec40aa6c6801441e1e0460f3e262ecd270d7641aa332fa468e385da36c9ffeb54eab2cc7372a1bb9be5259eb
SSDEEP: 3072:NtX+qpAgYWQAZWy6tQ3bNwymWIi7sGe8IsPsBAAAAAAAAAAAAAAAAAASY:OqpTQAZz6+Nwe8Ge8XC
Score: 10/10
Signatures:
- Asyncrat family
- Executes dropped EXE
- Uses the VBS compiler for execution (vbc.exe is launched as a host process for the payload rather than to compile anything)
- Suspicious use of SetThreadContext (consistent with process hollowing, i.e. overwriting the spawned process's entry point before resuming its thread)
Note: the 1.2MB outer sample expands to a 300.0MB executable, and the long run of repeated "A" blocks in its SSDEEP hash is characteristic of large uniform padding, a common trick for exceeding the size limits of scanners and upload portals. Hash-based indicators for such a padded binary are fragile; the extracted C2 hostname, port and mutex are the durable ones.