Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/01/2025, 03:35
Behavioral task: behavioral1
Sample: DiscordXploit.exe
Resource: win7-20240903-en
Signatures: 7
Run time: 150 seconds
General
Target: DiscordXploit.exe
Size: 222KB
MD5: b56c44fd1623f7ece09ba38c233cffbb
SHA1: b4127c6a1c0b792d24edde64cd996ea23a830920
SHA256: 6a3246d84a7dc156a06120f0d4373661743d748de6109575473adcf5071d6419
SHA512: 2453b46f87d2a703bf48dc2f381fc6be43ba4f43d01af5f46c6d769872bec19829ca80112723d5975dc9957082d4544600b09ad852737582259bf0839c101a56
SSDEEP: 3072:fUBcxVMWiPMV7uYH1bomQX5RJT/zNkF15g/xIoJzdIXANvoKxVY:fgWiPMVVVb7sR/z0/gfJzdIQNoKL
Malware Config (extracted)
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 193.161.193.99:49446
Mutex: 8735d3c7-a86c-4a5a-b775-0b873f7eb49c
Attributes:
  delay: 3
  install: false
  install_folder: %AppData%
  aes.plain
Signatures
- Asyncrat family
- Venomrat family
  resource | yara_rule | behavioral2/memory/4592-1-0x0000000000DE0000-0x0000000000E1C000-memory.dmp | VenomRAT
- Suspicious behavior: EnumeratesProcesses (29 IoCs)
  pid | Process: 4592 | DiscordXploit.exe (all 29 entries reference this pid and process)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process: Token: SeDebugPrivilege | 4592 | DiscordXploit.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process: 4592 | DiscordXploit.exe