General
Target: 03072025_0529_Specification_Pdf.js.zip
Size: 7KB
Sample: 250703-f6spdsvlv7
MD5: 4a82c35f0f33362cf547fbf9413dbfea
SHA1: cb5b6b9207372caca7527434d63b6703cd13ae92
SHA256: e438bcba89cfc3678e1bd02988d6f91f1e4488d40c246d237f8c78a1ec5931a5
SHA512: f1ec0257716df2b43f188b3e2907ad7120663fc284b3e15f997de13b14b59b19e714da2542162f8d8ad53994d93d527fce51a7b50fb5642dba714cb9b59a7194
SSDEEP: 192:nU4SNsfRA7XR/UL8M6kmopoqBOpnsAKetJujX:nTaRdoOq8pigoX
Static task: static1
Behavioral task: behavioral1
Sample: Specification_Pdf.js
Resource: win10v2004-20250619-en
Malware Config
Extracted
https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Hit
82.24.200.99:4449
iupghniqesem
delay: 1
install: false
install_folder: %AppData%
Targets
Target: Specification_Pdf.js
Size: 167KB
MD5: 98da73d90780db6468336358a8ce09d9
SHA1: ae11f6ad2cd0b65f790f9c9967a7ae1e20be5f3f
SHA256: 010e4f3487ae60e521e22671b7f521ea041a5a565da120cef4b6be8473ae15eb
SHA512: 3446421579ed75fb078383f977ba79f7d29f70d39eacc5f18cced0310483460ebae36775e5f3f69cf071bf0b8c299c425dd0f92b341cdcfbb54a78e229b203b8
SSDEEP: 192:rvPWYiF9ZlFr4DpohS8rZTmCLeYldkfiewOyxixnOJo9AJfnhuYgQtf/MDFrhSrB:je+SQwQJX9TA7
Asyncrat family
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext