General
- Target: JaffaCakes118_1ae61cdab60648d667193e685b440256e0f96485269a01701c63ab5bcbcc4308
- Size: 121KB
- Sample: 241224-lqytcsvjam
- MD5: 5e47326c7bd6ed925778368b4af67303
- SHA1: dc182f9e8572bdc875f7c45f6eb65d0eaaf9dabd
- SHA256: 1ae61cdab60648d667193e685b440256e0f96485269a01701c63ab5bcbcc4308
- SHA512: 671fae719294179f97e5d3df6705208871c1696798a18362864aac5aa40cafda1a36b4f9408753ee5f56be77ea90ddf405cde0a60aba1a4aaec0ec8062437144
- SSDEEP: 3072:SfL8o1nfPjVW8EXyBhri6yOEFAXdnGwMWn9V0qTMU:CL8WfhwXiiT6nBMWjR1
Static task
- static1

Behavioral task
- behavioral1 (Sample: RVF001.exe, Resource: win7-20241010-en)
- behavioral2 (Sample: RVF001.exe, Resource: win10v2004-20241007-en)
- behavioral3 (Sample: RVF002.vbs, Resource: win7-20240903-en)
- behavioral4 (Sample: RVF002.vbs, Resource: win10v2004-20241007-en)
Malware Config
Extracted: asyncrat
- Venom RAT 5.0.5
- Venom Clients
- ry8325585.duckdns.org:6087
- Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
- delay: 1
- install: false
- install_folder: %AppData%
Extracted: https://schoolcrypter.com/dll_startup
Targets

Target: RVF001.EXE
- Size: 300.0MB
- MD5: fdd6bb2ce995b36d49d3196894192988
- SHA1: 9e8b9db35c796ccd6622771ffc5d333038d3333d
- SHA256: a09c85265ae57ce325328a06925d3fbc61021f2ca815d00858c3024ab6f8e3a8
- SHA512: e337f94b47930a8e01ef4877a45578c9e1bf430111a6c27de03f50cee599717e4c0605f01f41d70b2123ef3bf12fb695893965876cd90ac4a17746dc8b7389e2
- SSDEEP: 3072:9q1IYuRXuhcSOY/hQ6d1XmRsDvHt02pWJJ67rmvHszvTBFUa:UyY6TYC6d1XjxpWJmryHszvTBFZ
- Score: 10/10
- Asyncrat family
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext

Target: RVF002.VBS
- Size: 236KB
- MD5: 7b474b087d336f766ba4cd74067e2786
- SHA1: aac3de5ebd60465dabdd78033637819b68d1e91b
- SHA256: 92d4a215bc6adc95dec27c087a23e307dcebd79b2abcbb76f9f9dc08a70b3e5a
- SHA512: e431562d6a08d91075c8498dd88de3c83a7e21bf627263254f3b62e9f9b5493a34f1f942412865e3bd4bc3bcfc4ff2c8f5223aa0fa58601803d1f43451f50dfe
- SSDEEP: 24:QnODOUWlHllyjOMyE2aL8gVEuMvywFfV7N9Riwnwm43YQ7FYiVLneMDTFv9vPvWE:yKVWtl6OeqyYLQeMHNOSAgHyLKhB
- Score: 10/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.