General

  • Target

    c177ed890e4b70828851f0e48ad7eb3f763322e0085043e83aa5bd8844d9cf9e

  • Size

    2.8MB

  • Sample

    250303-nccebawrv5

  • MD5

    1508e02e54bd24de6900b25aebe008cb

  • SHA1

    e545fc60525720168db3288d4fcdd9c4bdd3853f

  • SHA256

    c177ed890e4b70828851f0e48ad7eb3f763322e0085043e83aa5bd8844d9cf9e

  • SHA512

    893530d581f681187e7352afc6c3b604b7f790e265d1bed0f201cce1678b993e1acd982acb79b84d7bbeb0c390af88ce3f8a854e194679318c1174cc06bf107f

  • SSDEEP

    49152:J2IqQdj5HMSKJYzGEyquuFlLbbjGv9J4lg+AzgZ/xx26W/ZlBdoc5bTMveyEdVo:J21Qdj5H6JYPFlLfjGSiYn26W/ZlF5hY

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

FEB 27 LOGS

Mutex

dwjsrlleihmlidl

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/i3NzmwEg

aes.plain

Targets

    • Target

      PO-TS006630009-MRTUNNING.bat

    • Size

      88KB

    • MD5

      5074e24f123a4c5571b35baf33f14d45

    • SHA1

      80e8c31f5a75e3c4fecae273c646abb013fa92c2

    • SHA256

      6a3326dd113b916567aa7d321827e8bed86509c150531349325e7f052f957b93

    • SHA512

      515f67210129112fa794b0c32ae577d54a76b2a6f4c587d90e8ea629e1314bda80298df61087e346fd2e625c0a9e7b49b954db7d31a4ade194ba633ee2280ddc

    • SSDEEP

      1536:hZkbmEKUgXEXzICKUnFxW8/cJfXN8NTrs0w1E1BogzQxXuolDDhE8Mxhzok7UnWV:wHfzW7JfXN8JtwOEugRjglwWV

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks