Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
113a8172009135084f3683e7ece90bf0_NEAS
-
Size
5.0MB
-
Sample
240507-km97jsha3s
-
MD5
113a8172009135084f3683e7ece90bf0
-
SHA1
49c5a4ed9724e189131168e4b36b5bfef04bf4b8
-
SHA256
8a1d5ca68426a265761fd1f2b421407d404527c9c9d07a9b37c0f8891e91acd7
-
SHA512
a63d0e382fdc57ac29af218d563dcd9f2488a23d50f4e9b9c379eb2c50a17fe193e306f4889e4601ac4b75a41142f373db96256f1bd3723cdb23c06735b134c1
-
SSDEEP
24576:AMwwZr0yM7zQP/xmauyndygJfPDR/ZMQfBD:AMweG7UPIsdyER
Static task
static1
Behavioral task
behavioral1
Sample
113a8172009135084f3683e7ece90bf0_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
113a8172009135084f3683e7ece90bf0_NEAS.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
crszhkumevmt
-
delay
1
-
install
false
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/36QiVce2
Targets
-
-
Target
113a8172009135084f3683e7ece90bf0_NEAS
-
Size
5.0MB
-
MD5
113a8172009135084f3683e7ece90bf0
-
SHA1
49c5a4ed9724e189131168e4b36b5bfef04bf4b8
-
SHA256
8a1d5ca68426a265761fd1f2b421407d404527c9c9d07a9b37c0f8891e91acd7
-
SHA512
a63d0e382fdc57ac29af218d563dcd9f2488a23d50f4e9b9c379eb2c50a17fe193e306f4889e4601ac4b75a41142f373db96256f1bd3723cdb23c06735b134c1
-
SSDEEP
24576:AMwwZr0yM7zQP/xmauyndygJfPDR/ZMQfBD:AMweG7UPIsdyER
Score10/10-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-