Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/01/2025, 16:32
Behavioral task: behavioral1
Sample: Client.exe
Resource: win7-20240903-en
General
Target: Client.exe
Size: 74KB
MD5: 1656e622f27bbe9c1624a099cb81ba71
SHA1: 490bce7fcc833b73a031b16ec9ca1df1b0c918b8
SHA256: 9c0bb41bd8239ef8e2e1de9c503874c6fe1ea126b7b928650ddc996bffbf382d
SHA512: 2c160051b03c34c4613a5fe3b95032d5040259553a955c311f3b1b224c977d01e7170928ffd4d863063cd573701a56fff4c97d0c62608723f21d53e37b9eff7c
SSDEEP: 1536:VUnUcx73myCviPMVze9VdQuDI6H1bf/iQzcOLVclN:VUUcx73TgiPMVze9VdQsH1bf6QHBY
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
127.0.0.1:4449
127.0.0.1:8000
127.0.0.1:64240
127.0.0.1:4448
193.161.193.99:4449
193.161.193.99:8000
193.161.193.99:64240
193.161.193.99:4448
103.83.164.33:4449
103.83.164.33:8000
103.83.164.33:64240
103.83.164.33:4448
dlcretzcenzktnsd
delay: 1
install: false
install_folder: %AppData%
Signatures
Asyncrat family
resource yara_rule: behavioral2/memory/2288-1-0x0000000000FF0000-0x0000000001008000-memory.dmp (VenomRAT)
Venomrat family
Suspicious behavior: EnumeratesProcesses (21 IoCs)
pid 2288, process Client.exe (21 occurrences)
Suspicious use of AdjustPrivilegeToken (1 IoC)
Token: SeDebugPrivilege, pid 2288, process Client.exe
Suspicious use of SetWindowsHookEx (1 IoC)
pid 2288, process Client.exe