General

  • Target

    ghj.exe

  • Size

    66KB

  • Sample

    230212-st2sraeh36

  • MD5

    e6a1a7e9749c2e730a115db0d2322e0f

  • SHA1

    8dcaa44b6cb950507f953ebd8046f1c01ada02bf

  • SHA256

    0ff1a35e3ee55f9eb7523aa75999adf1208ffda8e318b411d00f81ae7db6d2e8

  • SHA512

    b5a8f515feaf26145a4ded31285f936934b1748f431aae66b4f03d94f6e58547c717ba46029c6eec2cbd67f6f4fb188e1f74407a1f115ce46088c492aab3751d

  • SSDEEP

    1536:vASM0a6LpfCejYAZQEdZbGYBuP7oCFo16AfG3OBf/Cs/LY:vASM0a6NfC/AZDdZbGYtrJfG3OBf/Y

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain countries).

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
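
The behaviour signatures above are the sandbox's interpretation of registry, file and enumeration activity. The script below, added here as an illustration and not part of the Triage report or of its rule set, shows how such signatures can be recovered from an API trace: it runs a handful of rules over constructed trace lines (invented for this example, not events recorded for this sample) and maps them onto the signature names used on this page. The registry paths the rules look for (the CurrentVersion\Run key, Active Setup\Installed Components, Control Panel\Desktop\Wallpaper, and the Geo\Nation value for the location check) are the conventional locations for each behaviour and are assumptions about what the sandbox checks, as is the threshold of three renamed user documents before "Modifies extensions of user files" fires.

```python
"""Recover Triage-style behaviour signatures from an API trace.

Added example, not Triage's own rules. The trace format and all
registry paths below are assumptions chosen for illustration.
"""
import ntpath
import re
from collections import defaultdict

# Constructed trace lines (not from the analysed sample). One event per line:
# <api>|<path>|<extra>, where <extra> is the value written or the rename target.
TRACE = """\
RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost|C:\\Users\\bob\\AppData\\Roaming\\svchost.exe
RegSetValue|HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A1B2}\\StubPath|C:\\Users\\bob\\AppData\\Roaming\\svchost.exe
RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation|244
RegSetValue|HKCU\\Control Panel\\Desktop\\Wallpaper|C:\\Users\\bob\\AppData\\Local\\Temp\\note.bmp
FindFirstFile|D:\\*|
FindFirstFile|E:\\*|
MoveFile|C:\\Users\\bob\\Documents\\budget.xlsx|C:\\Users\\bob\\Documents\\budget.xlsx.locked
MoveFile|C:\\Users\\bob\\Pictures\\cat.jpg|C:\\Users\\bob\\Pictures\\cat.jpg.locked
MoveFile|C:\\Users\\bob\\Desktop\\thesis.docx|C:\\Users\\bob\\Desktop\\thesis.docx.locked
MoveFile|C:\\Users\\bob\\AppData\\Local\\Temp\\tmp1.tmp|C:\\Users\\bob\\AppData\\Local\\Temp\\tmp1.dat
"""

# Registry rules: (signature name, APIs that count, path pattern). Assumed paths.
REGISTRY_RULES = [
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Modifies Installed Components in the registry", {"RegSetValue", "RegCreateKey"},
     re.compile(r"\\Active Setup\\Installed Components\\", re.I)),
    ("Sets desktop wallpaper using registry", {"RegSetValue"},
     re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)),
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]

# "User files": documents under the usual profile folders (assumed definition).
USER_DOC_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\(Documents|Desktop|Pictures|Downloads|Videos|Music)\\", re.I)
# Root of any drive other than C:, with or without a wildcard.
NON_C_ROOT_RE = re.compile(r"^[A-BD-Z]:\\\*?$", re.I)


def parse_trace(text):
    """Split trace text into (api, path, extra) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            api, path, extra = line.split("|", 2)
            events.append((api, path, extra))
    return events


def match_signatures(events, ext_threshold=3):
    """Return {signature name: [evidence strings]} for the events seen."""
    hits = defaultdict(list)
    ext_changes = []
    for api, path, extra in events:
        for name, apis, pattern in REGISTRY_RULES:
            if api in apis and pattern.search(path):
                hits[name].append(f"{path} = {extra}" if extra else path)
        # Touching the root of D:, E:, ... is the drive-enumeration signature.
        if api in ("FindFirstFile", "GetDriveType") and NON_C_ROOT_RE.match(path):
            hits["Enumerates connected drives"].append(path)
        # A rename of a user document that changes its extension is one
        # piece of evidence; only report once enough of them accumulate.
        if api in ("MoveFile", "MoveFileEx") and USER_DOC_RE.match(path):
            if ntpath.splitext(path)[1].lower() != ntpath.splitext(extra)[1].lower():
                ext_changes.append(f"{path} -> {extra}")
    if len(ext_changes) >= ext_threshold:
        hits["Modifies extensions of user files"] = ext_changes
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The threshold matters in practice: a single rename inside a user folder is normal application behaviour, while a run of renames that all append the same new extension is what makes the ransomware signature worth firing. Triage's own rules are not reproduced here, so treat the matching as a sketch of the idea rather than as the sandbox's logic.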
