General
-
Target
JaffaCakes118_9c3b123bf5be1332f7b3727c8f6c352887437b5329ffc083d0b65833cfe5678c
-
Size
485KB
-
Sample
241224-mmw12avqbr
-
MD5
cafaa060fd7c48f5dd75fd9542062622
-
SHA1
ee891d615c83b2e3eebdc3e859d975348659ce9f
-
SHA256
9c3b123bf5be1332f7b3727c8f6c352887437b5329ffc083d0b65833cfe5678c
-
SHA512
5aa310ed1fb5d5b959ce8a212866859be6ed3ec9bd81dfe47e33c486423402ce2709274098ebc71661622c413c5f9d60d110a29989c8932d1439e92fb5cb052f
-
SSDEEP
3072:5QBgL8npOntBnNOTUMBF6kI1hCRFukPxHOhTUV7f:5QBg7t7OQkF6dw3KTy7f
Static task
static1
Behavioral task
behavioral1
Sample
URFT06GSBAWRP_001_PDF/RQK02HVBPO_002_PDF.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
URFT06GSBAWRP_001_PDF/RQK02HVBPO_002_PDF.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
URFT06GSBAWRP_001_PDF/URFT06GSBAWRP_001_PDF.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
URFT06GSBAWRP_001_PDF/URFT06GSBAWRP_001_PDF.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://20.7.14.99/dll/dll_ink.pdf
Extracted
asyncrat
Venom RAT 5.0.5
Venom Clients
resulttoday2.duckdns.org:6111
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
Target
URFT06GSBAWRP_001_PDF/RQK02HVBPO_002_PDF.vbs
-
Size
219KB
-
MD5
86d9cdbe85e0b345c00063cb59efda75
-
SHA1
6990625fff03cdc505a7c9a224c39fb9c1b1ab80
-
SHA256
541752eae29c171bb8ab3f5851b6f58ba58035298b8781990998d22cd4982f6e
-
SHA512
0f39d5b741cb5fc822f17306537a4659c5ff191f18ef47e18aa3f604eb9d4598f1c01316068285531916a57bd0410b27fd8d44adb3bda41ee691098cd5b1bc2f
-
SSDEEP
48:DVK0hbQvuivLvyvTxYvsvuiv7vu2vJR2vFvvvfv1KvFvDv2UfHvrvUvgYvc2vGgu:xKWdUIlVc8WGvXimF
Score 10/10
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Target
URFT06GSBAWRP_001_PDF/URFT06GSBAWRP_001_PDF.exe
-
Size
300.0MB
-
MD5
464753cd8a6523de0fba921ce6846177
-
SHA1
6b3b77af1129f9ad86acc31163d8450eacb4dbd3
-
SHA256
3221a50204afcf59f4a836680d1e484903ac3aa389c2105d059efc51b8461092
-
SHA512
589d0919ddf11d1e8e8eff15a0f78623742e5ab6b16e2b754f519f3bfc7912ccd6c43ad5ffe5c0e11c315f9835936b6b2039dc579527d50cb25333844b0876f2
-
SSDEEP
3072:1iJZ3k2p8jrvVIYkwur2JMBZ6kINhCRFuaABOUEs64BRg40nOFblHTgr4:1OyRr9u1KJkZ6dIYBUeBRgOlWU
Score 10/10
Asyncrat family
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext