Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

068f0b81ba...cc.exe

windows7-x64

10

068f0b81ba...cc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    068f0b81ba4d831dec722c6c86d4d328ca80abe5ef30bda755499064de812ccc

  • Size

    20.8MB

  • Sample

    250328-e2tv8atnw3

  • MD5

    a850018996dace168754fcf5da674b81

  • SHA1

    8c893659bca023f30cd9fd4348c4b383caee8e43

  • SHA256

    068f0b81ba4d831dec722c6c86d4d328ca80abe5ef30bda755499064de812ccc

  • SHA512

    75a305c67d0e8e6ab34f8f593fcc0f9a89d5c40c8b231657751b63e855478bb3787851cd0e319743ad1aa21e4ca15d398f2a91d01448de146e60c5bdf4b286f0

  • SSDEEP

    393216:w3Tc4BVJHWsi1B8k/z3sXCeIxO3Y3HmgEwP6cv/3X38WdGe:wQ4BbHql/zcXz3Y3Qwv3X38Wj

Score
10/10
asyncrateulenv4defense_evasiondiscoveryevasionrattrojan

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

EulenV4

Mutex

chxtzuezuve

Attributes
  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/KnhCGRrn

aes.plain

Targets

    • Target

      068f0b81ba4d831dec722c6c86d4d328ca80abe5ef30bda755499064de812ccc

    • Size

      20.8MB

    • MD5

      a850018996dace168754fcf5da674b81

    • SHA1

      8c893659bca023f30cd9fd4348c4b383caee8e43

    • SHA256

      068f0b81ba4d831dec722c6c86d4d328ca80abe5ef30bda755499064de812ccc

    • SHA512

      75a305c67d0e8e6ab34f8f593fcc0f9a89d5c40c8b231657751b63e855478bb3787851cd0e319743ad1aa21e4ca15d398f2a91d01448de146e60c5bdf4b286f0

    • SSDEEP

      393216:w3Tc4BVJHWsi1B8k/z3sXCeIxO3Y3HmgEwP6cv/3X38WdGe:wQ4BbHql/zcXz3Y3Qwv3X38Wj

    Score
    10/10
    asyncrateulenv4defense_evasiondiscoveryratevasiontrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Async RAT payload

      rat

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks