General

  • Target

    113a8172009135084f3683e7ece90bf0_NEAS

  • Size

    5.0MB

  • Sample

    240507-km97jsha3s

  • MD5

    113a8172009135084f3683e7ece90bf0

  • SHA1

    49c5a4ed9724e189131168e4b36b5bfef04bf4b8

  • SHA256

    8a1d5ca68426a265761fd1f2b421407d404527c9c9d07a9b37c0f8891e91acd7

  • SHA512

    a63d0e382fdc57ac29af218d563dcd9f2488a23d50f4e9b9c379eb2c50a17fe193e306f4889e4601ac4b75a41142f373db96256f1bd3723cdb23c06735b134c1

  • SSDEEP

    24576:AMwwZr0yM7zQP/xmauyndygJfPDR/ZMQfBD:AMweG7UPIsdyER

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

crszhkumevmt

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/36QiVce2

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks