Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Randome.zip

windows11-21h2-x64

1

GMAIL/Gmail.exe

windows11-21h2-x64

3

Instagram VM.exe

windows11-21h2-x64

5

LazyAIO/LazyAIO.exe

windows11-21h2-x64

7

Minecraft/...ft.exe

windows11-21h2-x64

3

Numify v3-...Or.exe

windows11-21h2-x64

3

VenomRAT v...er.exe

windows11-21h2-x64

1

VenomRAT v...nc.exe

windows11-21h2-x64

1

VenomRAT v...ny.exe

windows11-21h2-x64

10

VenomRAT v...p_.exe

windows11-21h2-x64

10

VenomRAT v....3.exe

windows11-21h2-x64

10

Resubmissions

27/09/2024, 20:25

240927-y7q63azgkh 10

27/09/2024, 20:17

240927-y2m78axelm 10

Analysis

  • max time kernel
    147s
  • max time network
    159s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27/09/2024, 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VenomRAT v6.0.3_p_/Venom v6.0.3.exe

  • Size

    14.3MB

  • MD5

    f847c6b988dcc932d1a31171160cf69e

  • SHA1

    1b40d91ad3ef9b5e4174aec276f906fe9adda9ed

  • SHA256

    d75d343cc6593b2cbcd2b64963d8ba7764b9517a12298baea07c0efc6252b0a8

  • SHA512

    25dc413fa52556e7792eeea575a0654927204fb1d53b5110baee1da7f1ca67fa0c466970021ab4d173f231c41e8c321a991dd4124a0a1d6f9f8db990826087a9

  • SSDEEP

    393216:RR4JtH5KnO38c9+kq/s03jHHTbO+hYxyPzF:4bH5Yc8c9g/j3jtlB

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

93.82.44.26:4040

Mutex

nheplizwdi

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom v6.0.3.exe
    "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom v6.0.3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Users\Admin\AppData\Local\Temp\sistrdzthu.exe
      "C:\Users\Admin\AppData\Local\Temp\sistrdzthu.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom RAT + HVNC + Stealer + Grabber.exe
        "C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom RAT + HVNC + Stealer + Grabber.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2756
    • C:\Users\Admin\AppData\Local\Temp\Venomrat.exe
      "C:\Users\Admin\AppData\Local\Temp\Venomrat.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3352
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:3604

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\VenomRAT v6.0.3_p_\Venom RAT + HVNC + Stealer + Grabber.exe
      Filesize

      14.2MB

      MD5

      3b3a304c6fc7a3a1d9390d7cbff56634

      SHA1

      e8bd5244e6362968f5017680da33f1e90ae63dd7

      SHA256

      7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

      SHA512

      7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Venomrat.exe
      Filesize

      74KB

      MD5

      f6cd31be1b934e979780c63ee6dca10c

      SHA1

      7f802a7409345d03bef6d292b91e096a97c7f25a

      SHA256

      c7d808cc2f536c8aef33b34415bffa55d32ecdfb23dd34ec95d76f934c40ea12

      SHA512

      bef7835728afb40e05a322a331b6a7a7f99b37d0dea0d883b4c0afa0e697f0801847680202d19d99f934b29d3b934a6d41a0e623945c7af469fb842354a0c6f9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sistrdzthu.exe
      Filesize

      14.2MB

      MD5

      7e8d3bcd4b3ee0a20deb79e5818f06a0

      SHA1

      73acfa8fbe3aa5ab8372cf8d11eba9242ba4592e

      SHA256

      baa304c80cd2acc0df7968024a0754d560dfd2fafc14dfc6383783e3d2f8127e

      SHA512

      2ca9b6ec0f22d586388caf3d4da20e25ba46aac0cee7d6e98f8ddeb3cddbc346d632a3717c6902b065e6fb5d8628ff08f8a306f1ca539f905fbfb1a06f7222c9

      Download Submit

    • memory/2756-39-0x0000022F266C0000-0x0000022F26710000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2756-40-0x0000022F2A400000-0x0000022F2ABBE000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2756-49-0x0000022F278B0000-0x0000022F278BA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2756-34-0x0000022F0B130000-0x0000022F0BF64000-memory.dmp

      Filesize

      14.2MB

      Download

    • memory/2756-35-0x0000022F278C0000-0x0000022F28CC4000-memory.dmp

      Filesize

      20.0MB

      Download

    • memory/2756-37-0x0000022F26810000-0x0000022F26A62000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2756-36-0x0000022F26AD0000-0x0000022F26FE2000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/2756-48-0x0000022F2B500000-0x0000022F2B5AA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/2756-38-0x0000022F270D0000-0x0000022F271A8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/2756-45-0x0000022F2BB80000-0x0000022F2BD92000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2756-41-0x0000022F2ABC0000-0x0000022F2B252000-memory.dmp

      Filesize

      6.6MB

      Download

    • memory/2756-42-0x0000022F29FE0000-0x0000022F2A37C000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/2756-43-0x0000022F2B6F0000-0x0000022F2BB74000-memory.dmp

      Filesize

      4.5MB

      Download

    • memory/2756-44-0x0000022F26710000-0x0000022F26730000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3352-23-0x00007FFE458A0000-0x00007FFE46362000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3352-46-0x00007FFE458A3000-0x00007FFE458A5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3352-47-0x00007FFE458A0000-0x00007FFE46362000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3352-19-0x00007FFE458A3000-0x00007FFE458A5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3352-20-0x0000000000F90000-0x0000000000FA8000-memory.dmp

      Filesize

      96KB

      Download