General

  • Target

    QKWERBD01BSNAS_002_PDF.vbs

  • Size

    442KB

  • Sample

    221014-xxdmjsecbp

  • MD5

    ef69b45b2a116ed60277d731e42c2f0e

  • SHA1

    0f1b9734dd43a034c56360e603659568ab65f91d

  • SHA256

    ace37f42d21bf2768add3a41954c1b5d41f85966af20de4483498c14ac4d8a7b

  • SHA512

    c2d037d408ed9a199a15ae960b53c112e2887571e87325794cf49a6f8c15af18bba380544b565d7e0f96dd68c9cda8fc416c50d595640086c1e8f31c62ac7e10

  • SSDEEP

    768:De0E0B0S0Y0V0w0B0V0/i0j0+050kfF0NF0B0Z/0pP40E0X070M0Ao0I0gAOAqAn:7aW1AP4lgK

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://20.7.14.99/dll/dll_ink.pdf

Extracted

  • Family

    asyncrat

  • Version

    Venom RAT 5.0.5

  • Botnet

    Venom Clients

  • C2

    hugh69021.duckdns.org:7555

  • Mutex

    Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      QKWERBD01BSNAS_002_PDF.vbs

    • Size

      442KB

    • MD5

      ef69b45b2a116ed60277d731e42c2f0e

    • SHA1

      0f1b9734dd43a034c56360e603659568ab65f91d

    • SHA256

      ace37f42d21bf2768add3a41954c1b5d41f85966af20de4483498c14ac4d8a7b

    • SHA512

      c2d037d408ed9a199a15ae960b53c112e2887571e87325794cf49a6f8c15af18bba380544b565d7e0f96dd68c9cda8fc416c50d595640086c1e8f31c62ac7e10

    • SSDEEP

      768:De0E0B0S0Y0V0w0B0V0/i0j0+050kfF0NF0B0Z/0pP40E0X070M0Ao0I0gAOAqAn:7aW1AP4lgK

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks