Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

GORILLA_Last.hta

windows7-x64

8

GORILLA_Last.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GORILLA_Last.hta

  • Size

    46KB

  • Sample

    221028-nzdwnafdf4

  • MD5

    750984a5dbe06c1092efbfdcaa2c0e45

  • SHA1

    7a77048b108835f4ecc15cad2ae2fc3bce2d8b10

  • SHA256

    dabdd1dc8f9dd5c796a50f9b09c2831073b318a0421a49af0caa153109e0488a

  • SHA512

    fc6ee1773eaae435e8f6bc639f7c85dfc72bfd694a84a8d78862863a12317f81d9d19c46b87efa85f86f67bf4541fce07b191b2730ee6a7227762c8bd0803825

  • SSDEEP

    768:otwjF6wFIk//xGWU/NaqjN+yUv4CZgS01ZNuIDyHmPHaPbgtlNJzLa2p9bn+ImY9:WwYwFDYWsjg/48euBtP83NQsSpr47pP/

Score
10/10
asyncrat2022rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2022

C2

clsuplementos.ddns.net:6606

clsuplementos.ddns.net:7707

clsuplementos.ddns.net:4404

clsuplementos.ddns.net:5505

clsuplementos.ddns.net:8808

clsuplementos.ddns.net:9909

handling.ddns.net:6606

handling.ddns.net:7707

handling.ddns.net:4404

handling.ddns.net:5505

handling.ddns.net:8808

handling.ddns.net:9909

corpoleve.duckdns.org:6606

corpoleve.duckdns.org:7707

corpoleve.duckdns.org:4404

corpoleve.duckdns.org:5505

corpoleve.duckdns.org:8808

corpoleve.duckdns.org:9909

corpoleve.3utilities.com:6606

corpoleve.3utilities.com:7707
Mutex

AsyncMutex_6SI8OkPnkd

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
DaZTnLgbUMvIVQVQEoD8yiS7inPMrrdf

Targets

    • Target

      GORILLA_Last.hta

    • Size

      46KB

    • MD5

      750984a5dbe06c1092efbfdcaa2c0e45

    • SHA1

      7a77048b108835f4ecc15cad2ae2fc3bce2d8b10

    • SHA256

      dabdd1dc8f9dd5c796a50f9b09c2831073b318a0421a49af0caa153109e0488a

    • SHA512

      fc6ee1773eaae435e8f6bc639f7c85dfc72bfd694a84a8d78862863a12317f81d9d19c46b87efa85f86f67bf4541fce07b191b2730ee6a7227762c8bd0803825

    • SSDEEP

      768:otwjF6wFIk//xGWU/NaqjN+yUv4CZgS01ZNuIDyHmPHaPbgtlNJzLa2p9bn+ImY9:WwYwFDYWsjg/48euBtP83NQsSpr47pP/

    Score
    10/10
    asyncrat2022rat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.