Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
41s -
max time network
43s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
15/06/2023, 20:42
Behavioral task
behavioral1
Sample
Clienteexe.exe
Resource
win10v2004-20230220-en
4 signatures
150 seconds
General
-
Target
Clienteexe.exe
-
Size
63KB
-
MD5
552afce94b5bf5f1edca204278b8cad1
-
SHA1
9b2eec911b35e6fdd3932fee6ee26e0d2625394c
-
SHA256
db5539de51e133ae500c9b8908d34125d6a45940760c05c6ff5e08d55966210f
-
SHA512
d616db89779f5741b71d43943c539808346669f54377e2a08fb129ac12b5a63d8fe3e948d306a953339dbd4ed5fb6c05410fa102834c762eeca5daf78296db25
-
SSDEEP
1536:AhB5LrUwk4XO01VjwfLBcZ8tWjkGbbAwhCqhKGeDpqKmY7:AhB5LrUwk4XVV8fLBXthGbbABgz
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
5.0.5
Botnet
Venom Clients
C2
8.tcp.ngrok.io:14672
Mutex
Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
Attributes
-
delay
1
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule behavioral1/memory/1808-133-0x00000000000B0000-0x00000000000C6000-memory.dmp asyncrat -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1808 Clienteexe.exe