General

  • Target

    csgoaimbotv4.7z

  • Size

    80KB

  • Sample

    221218-qld1lseh6z

  • MD5

    868df53b4c4e0e6182f8d6cc043c450d

  • SHA1

    9adbbe3b1a79345554a90b0afb26225a46c506de

  • SHA256

    901aae7ee066f4bae3b555b70100669c065a41c9bf7003e539f0967dab0148e0

  • SHA512

    476657a6d75a1bb56adb53e88f30bd35f4e273b7995b58a35813dcd2ed8800c4042f4f125658ef9d041b688d0dc67f14f7f7c20361bf4ed916433f4be88a54b4

  • SSDEEP

    1536:7CSpLLsvEg+CJmtdaZAx6MPfnpFjmHrlQL6zr+y7ckjyHv36pSH:nVCJmPaZqnmaLoig3eHdH

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:8080

griffins.hopto.org:8080

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      csgoaimbotv4.exe

    • Size

      128KB

    • MD5

      1ea71f05dfcf204b93d5cb477b4f2204

    • SHA1

      e6c7fef434465cee12997728b3f524c9240e9da4

    • SHA256

      cda8e1419b737a89a7e5b6d90d9586538bf4d3316ca86c7b32b26b6993435aa5

    • SHA512

      d2b10b215dd01b2c33e0b32e0f2d156997d9cfd58d7ce96509e2453c869ae87190f89585311462e0195e2f0794d2d53e8316df4aef52b8cc01bd970c61a7d739

    • SSDEEP

      3072:ubhIBLTM3Ufc6dZi4M8Gbb9y+z3SVD5OG005SlkzTeL9BJiXvzcprrC:MhALTM3Uf9O8kbpq5BKN

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
