General

  • Target

    Atualizacao_plugin_adobe_2025_1749017198.js

  • Size

    4KB

  • Sample

    250604-h9ye6aam61

  • MD5

    5ab27ea90371d433e93ad274f1b596f8

  • SHA1

    4cf349fb20e76ad32df359b9f686074670b771c9

  • SHA256

    29468996dd9c87967af928e90d2ef29cf1c41222f00eda022d790e1de87408d1

  • SHA512

    3739dd76fd440392804ad02f0c32a337e35d56b4fe702c745104ae1e3725a4b90d2be10aae6d4b807c7e0d7ce9db218a3f40d66effa88d3da6d04e79d97bc6f0

  • SSDEEP

    96:zVcPPLexaaShb/edp0MMeMEL/ShbP0lOedMamShbPShbMShb5ShbMKShbOE4L+s4:zVe6EK1GDUwBsPRM8MztU4lvP

Malware Config

Targets

    • AsyncRAT

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • AsyncRAT family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • StormKitty family

    • VenomRAT

      Detects VenomRAT.

    • VenomRAT family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks