Analysis
max time kernel: 599s
max time network: 598s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241211-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 11/01/2025, 10:25
General
Target: Client.exe
Size: 74KB
MD5: 33591b7426ecab86d4589e9dec20e5bc
SHA1: 95f8b3b660d1e403d724bc08f4b9a78238b1b850
SHA256: ff443eda8ffc470acbbc9364f6eab5fd0de19f7e12aedc3f84d59aa98cc61e51
SHA512: 63960d876c5bb070f708ed11b869041646d32b642b79f5b28e75a5c81ad2883f1adb5092106632d43e829e8357acdb619e325326201982ec8ccd6b865cff82b4
SSDEEP: 1536:1ULkcxVKpC6yPMVKe9VdQuDI6H1bf/sVvQzcGLVclN:1UocxVENyPMVKe9VdQsH1bfUvQfBY
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3 (VenomRAT is an AsyncRAT-derived fork, which is why the extractor files it under the asyncrat family)
Botnet: Default
Mutex: gedfggggnerrtrttf
Attributes
- delay: 1
- install: false
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/4sQ9rmGV (the C2 endpoint is not embedded in the binary; the client fetches it from this raw paste at runtime)
- aes.plain: (no value shown in the report)
Signatures
- Asyncrat family
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 64 IoCs)
  flow → ioc: 64 network flows, every one of them to pastebin.com (flow IDs 8, 17, 22, 30, 40, 47, 50, 61, 62, 72, 74, 76, 77, 78, 84, 88, 89, 98, 99, 102, 103, 104, 105, 106, 107, 108, 114, 116, 117, 118, 119, 125, 126, 129, 131, 132, 143, 145, 146, 150, 151, 152, 154, 159, 163, 167, 173, 175, 185, 187, 189, 190, 196, 199, 201, 203, 206, 208, 209, 215, 222, 226, 227, 231)
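Sixty-four flows to a single legitimate host inside a 598-second network window, combined with the pastebin_config URL in the extracted config, is the signature of a dead-drop resolver: the client keeps polling a raw paste for its real C2 address instead of carrying it in the binary. The Python below is an added example and is not part of the Triage report. It parses the report's flattened flow/ioc table into rows and counts IoCs per host, then runs the same idea as a hunt over constructed proxy log lines, flagging any client that repeatedly fetches a raw paste. The proxy log format, the 10.0.0.x client addresses and the TESTPASTE paste id are assumptions made for the example; the paste id 4sQ9rmGV is the one from the report's config.

```python
"""Aggregate Triage flow IoCs and hunt proxy logs for pastebin dead-drop polling."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Flattened two-column "flow ioc" table copied verbatim from the Triage report
# (header, 64 pairs, trailing "-" separator included).
TRIAGE_FLOW_TABLE = (
    "flow ioc 98 pastebin.com 151 pastebin.com 78 pastebin.com 84 pastebin.com "
    "99 pastebin.com 107 pastebin.com 146 pastebin.com 208 pastebin.com 40 pastebin.com "
    "72 pastebin.com 108 pastebin.com 116 pastebin.com 132 pastebin.com 145 pastebin.com "
    "226 pastebin.com 231 pastebin.com 76 pastebin.com 89 pastebin.com 103 pastebin.com "
    "104 pastebin.com 190 pastebin.com 206 pastebin.com 62 pastebin.com 117 pastebin.com "
    "167 pastebin.com 185 pastebin.com 106 pastebin.com 163 pastebin.com 199 pastebin.com "
    "209 pastebin.com 30 pastebin.com 47 pastebin.com 61 pastebin.com 102 pastebin.com "
    "105 pastebin.com 196 pastebin.com 152 pastebin.com 159 pastebin.com 215 pastebin.com "
    "222 pastebin.com 17 pastebin.com 22 pastebin.com 74 pastebin.com 77 pastebin.com "
    "8 pastebin.com 125 pastebin.com 143 pastebin.com 189 pastebin.com 187 pastebin.com "
    "203 pastebin.com 227 pastebin.com 114 pastebin.com 118 pastebin.com 154 pastebin.com "
    "175 pastebin.com 131 pastebin.com 150 pastebin.com 173 pastebin.com 201 pastebin.com "
    "50 pastebin.com 88 pastebin.com 126 pastebin.com 129 pastebin.com 119 pastebin.com -"
)


def parse_flow_table(text):
    """Turn Triage's flattened 'flow ioc' table into a list of (flow_id, ioc) rows."""
    tokens = text.split()
    if tokens[:2] != ["flow", "ioc"]:
        raise ValueError("not a flow/ioc table")
    cells = [t for t in tokens[2:] if t != "-"]  # drop the trailing separator
    if len(cells) % 2:
        raise ValueError("odd number of cells, table is truncated")
    return [(int(cells[i]), cells[i + 1]) for i in range(0, len(cells), 2)]


def ioc_counts(rows):
    """Count flows per IoC host; a single host taking every flow is the dead-drop tell."""
    return Counter(ioc for _, ioc in rows)


# Hosts commonly abused as dead drops; extend for your environment (assumption).
DEAD_DROP_HOSTS = {"pastebin.com"}

# Minimal proxy log format assumed for the example: client method url status.
LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")

# Constructed sample log lines (not from the report). 10.0.0.12 shows the
# polling pattern; 10.0.0.31 fetches a paste once, which is not enough to flag.
PROXY_LOG = """\
10.0.0.12 GET https://pastebin.com/raw/4sQ9rmGV 200
10.0.0.12 GET https://www.microsoft.com/ 200
10.0.0.12 GET https://pastebin.com/raw/4sQ9rmGV 200
10.0.0.31 GET https://pastebin.com/raw/TESTPASTE 200
10.0.0.12 GET https://pastebin.com/ 200
10.0.0.12 GET https://pastebin.com/raw/4sQ9rmGV 200
10.0.0.12 GET https://pastebin.com/raw/4sQ9rmGV 200
"""


def hunt_dead_drop(lines, min_hits=3):
    """Return {(client, url): hits} for clients repeatedly fetching a raw paste.

    Only /raw/ paths count: a browser visit to the pastebin landing page is
    normal, repeated machine fetches of the same raw paste are not.
    """
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        parts = urlsplit(m["url"])
        if (parts.hostname or "") in DEAD_DROP_HOSTS and parts.path.startswith("/raw/"):
            hits[(m["client"], m["url"])] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    rows = parse_flow_table(TRIAGE_FLOW_TABLE)
    print(len(rows), "flows:", dict(ioc_counts(rows)))
    for (client, url), n in hunt_dead_drop(PROXY_LOG.splitlines()).items():
        print(f"dead-drop polling: {client} fetched {url} {n} times")
```

The `min_hits` threshold is what separates an analyst opening a paste from an implant polling one; tune it to the log window you query, and pair the hit with the mutex and file hashes from the General section when you pivot to the endpoint.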
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 5056 Client.exe, 64 occurrences
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 5056 Client.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 5056 Client.exe