General

  • Target

    newpoveno.zip

  • Size

    4.6MB

  • Sample

    250313-pav93svmv5

  • MD5

    b04c18f34a6cd916f2feddfeb664e4ce

  • SHA1

    88d9bcffe4ae28aa9fa42d23d9bf82b5458a506c

  • SHA256

    a8f718d94fa718621d41ec3bf5e5361530a101b7f5e75b86226efb2f81f7f715

  • SHA512

    5b206f032b3dd7a74487267120df6101c4c251b5c30d0b3bba9af362e5b058bcf15d1703fe0b41172ffca1b59b43be4937e0bfcb7051ff6958f4320a73ec58e8

  • SSDEEP

    98304:HHDbgiITR3ISts7WMvrp5kkIugsv78ckP41rMVeGgRq7CfQh1:nPT8tOW0dn8cJ10eDqCfQT

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

176.65.142.74:4449

176.65.142.74:4448

Mutex

daqyvsbasipyrpcr

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      libcares-2.dll

    • Size

      6.3MB

    • MD5

      76bcdab7c2b6db80c8cb45674ff32512

    • SHA1

      3d2d0a6f149af01cefe8dd58532307ebfd9b40e1

    • SHA256

      d82b7ed6a1ffcfb6a6e9eb76526d2de18a40ddbff43f08588b581b2d823444e5

    • SHA512

      68bdfcf5b5239d074db77cf5723d54f4a2d8af1c719c11ea1989698aef1240b1ea1f49db45bfabf02818d675ac3be7621da569771076a3bad3ac6072bd56afd0

    • SSDEEP

      49152:mAs1laV6XyvSVdbh9WNeliu06rfeYRhKA8Uhf8NqiwMAeDAwFrO12RuImEialjEj:aEk7rRJ/kFD7FhQRm/TerPmY

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Suspicious use of SetThreadContext

    • Target

      msvcp290.dll

    • Size

      3.6MB

    • MD5

      79203b0cf84b081bfd2f18584f7b9b5d

    • SHA1

      bed6f8efdda65ea6cb6092e678fc3c3537c28184

    • SHA256

      51a22c1db572ba085de83d265bfeb739dbd863aa9f32d1045716c3b1e641b0fe

    • SHA512

      70a4803feaa82d45e8af2277451b888523ef995709c452b8208b36b4ecdf1dab20b8365fe86fca835e79e819178f65fe155af3cbb4432720b01a0382a7f33456

    • SSDEEP

      49152:I2PofN7URTVdmEvRAN/P26weoKLlAEegFfZ+x+y:J3d427Ykg

    Score
    1/10
    • Target

      nasrallah_x86.dll

    • Size

      172KB

    • MD5

      70ec8ee1fad4a9c57b532179aeefce02

    • SHA1

      3ee72e32002e813179960154fc7b7b948b54d8c9

    • SHA256

      7e3b7ead509960c884e2e870879f7ef73894a746a989694f10318396614952e6

    • SHA512

      aebbe72804ec173333d9c9d872ce03a7b29479018da40d5b005a7a1ee563d0915f3059222f75068572af8b749db92fea4d17f4b020a88e49ab87a5151a1f630b

    • SSDEEP

      3072:cUxcx4GfSPMV7e9VdQsH1bfgMMARQRM+lmsolAIrRuw+mqv9j1MWLQfBY:c5fSPMV7aesVbYMMARB+lDAAy

    Score
    1/10
    • Target

      newpoveno.exe

    • Size

      81KB

    • MD5

      41c2401a4ecf9c80796e534d388e56cd

    • SHA1

      e844e6b178ef8191ce189c0e632dc7fdb2947db3

    • SHA256

      0e5a768a611a4d0ed7cb984b2ee790ad419c6ce0be68c341a2d4f64c531d8122

    • SHA512

      6f7d365f10b45cc88d8968020f6232974398cc1b46710bf650c5aa162c40d48fef0a035b29fc1b0271d4f69410fbca1b4a4119d816eeec205043175981429071

    • SSDEEP

      1536:dEV+sOWSnk3uXcieWN8WBnc1br8zlZAHaG8CaWCMp+O7Xg5U:dEV+sFSkMxRnc1br8j0aCCMXL7

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • VenomRAT

      Detects VenomRAT.

    • Venomrat family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      vcruntime210.dll

    • Size

      5KB

    • MD5

      603302535c29680945956908637ad226

    • SHA1

      6c367b57ea90f53b70aed4edc8c30b5895b2e4df

    • SHA256

      cec538bba50466147539fa47b4febd441a799998dd79a3582530e6dcd6414336

    • SHA512

      c067e4ae1dc6dd04e7afc0850d50077e3e76dfe79621662e4c8e4e5aea2a032a4bcd86b5e79f8a1185d1d4f1aba65c2fc4fb7e18e4a80c2c0d9944c375139705

    • SSDEEP

      96:qroyPYN/tWgSejT+L5pvEB1is8Zgy16cYUYeungdMWf4nm1csMaj7A3i412:py6tgiVBQJZgG68unIf4mCza3eiX

    Score
    1/10
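The extracted configuration (C2 endpoints) and the behaviour signatures on the newpoveno.exe and libcares-2.dll targets (Defender exclusions added from PowerShell, Run key persistence) translate directly into host and network detections. The following is an added example, not part of the tria.ge report or of tria.ge's own tooling, that runs those three checks over constructed Sysmon-style events: a network connection (Event ID 3) to one of the extracted C2 endpoints, a PowerShell process (Event ID 1) whose command line calls Add-MpPreference or Set-MpPreference with an -Exclusion parameter, and a registry value set (Event ID 13) under a CurrentVersion\Run or RunOnce key. The event records, field names, SID and file paths are assumptions modelled on Sysmon's JSON export, not data captured from this sandbox run. The mutex from the config is deliberately left out: it is a process-memory artefact that these event sources do not record.

```python
import re
from typing import Iterable, List, Optional

# Indicators copied verbatim from the extracted configuration above.
C2_ENDPOINTS = {("176.65.142.74", 4449), ("176.65.142.74", 4448)}

# Defender exclusions are added with Add-MpPreference / Set-MpPreference plus
# -ExclusionPath, -ExclusionExtension or -ExclusionProcess. Only the
# "-Exclusion" stem is required so abbreviated parameter names still match.
DEFENDER_EXCLUSION_RE = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion", re.IGNORECASE | re.DOTALL
)
POWERSHELL_RE = re.compile(r"\\(powershell|pwsh)\.exe$", re.IGNORECASE)

# An autostart value written under ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)


def match_event(ev: dict) -> Optional[dict]:
    """Return a hit record if one Sysmon-style event matches a reported behaviour."""
    eid = int(ev.get("EventID", 0))
    image = ev.get("Image", "")
    if eid == 3:  # network connection
        dest = (ev.get("DestinationIp", ""), int(ev.get("DestinationPort", 0)))
        if dest in C2_ENDPOINTS:
            return {"rule": "asyncrat_c2_connection", "image": image,
                    "detail": "%s:%d" % dest}
    elif eid == 1:  # process creation
        cmd = ev.get("CommandLine", "")
        if POWERSHELL_RE.search(image) and DEFENDER_EXCLUSION_RE.search(cmd):
            return {"rule": "defender_exclusion_via_powershell",
                    "technique": "T1562.001", "image": image, "detail": cmd}
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            return {"rule": "run_key_persistence", "technique": "T1547.001",
                    "image": image,
                    "detail": "%s = %s" % (target, ev.get("Details", ""))}
    return None


def hunt(events: Iterable[dict]) -> List[dict]:
    """Apply match_event to every event and keep only the hits."""
    return [h for h in (match_event(e) for e in events) if h is not None]


# Constructed sample events (assumed Sysmon JSON field names); the SID, user
# name and paths are invented for illustration.
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": _PS, "ParentImage": r"C:\Users\user\Desktop\newpoveno.exe",
     "CommandLine": ("powershell -Command \"Add-MpPreference -ExclusionPath "
                     "'C:\\Users\\user\\AppData\\Roaming' "
                     "-ExclusionProcess 'newpoveno.exe'\"")},
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\newpoveno.exe",
     "TargetObject": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\newpoveno",
     "Details": r"C:\Users\user\AppData\Roaming\newpoveno.exe"},
    {"EventID": 3, "Image": r"C:\Users\user\Desktop\newpoveno.exe",
     "DestinationIp": "176.65.142.74", "DestinationPort": "4449"},
    # Benign noise that must not fire.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
    {"EventID": 1, "Image": _PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -Command Get-MpPreference"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["rule"], "|", hit["image"], "|", hit["detail"])
```

The C2 check is exact-match on the extracted IP:port pairs, so it is only as durable as this sample's config; the two behavioural rules are generic and will also catch other samples that add Defender exclusions from PowerShell or write Run keys. Note that the config reports install = false while the signature for newpoveno.exe still records a Run key being added, so persistence should be confirmed from the behaviour log rather than from the config alone.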

MITRE ATT&CK Enterprise v15

Tasks