Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

GoogleUpdateCore.exe

windows10-1703-x64

1

GoogleUpdateCore.exe

windows7-x64

10

GoogleUpdateCore.exe

windows10-2004-x64

6

Resubmissions

12/02/2023, 17:24

230212-vyv7wafd49 10

12/02/2023, 14:28

230212-rs1cvsee85 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GoogleUpdateCore.exe

  • Size

    339KB

  • Sample

    230212-vyv7wafd49

  • MD5

    dffce796a69f576b2ce5161c5bf23249

  • SHA1

    9cfac609a83d93c7727a6cfa8ee75c2f3d5d7281

  • SHA256

    a1094fd210d9c5845758c9c144a863b0d98fcd71e5fff9ce6ea2abe6b25e0fc2

  • SHA512

    959a626766dd615b4022dacc9dcebc845cdafc82f37ecbd3264e7dc2e6a8c65c15ecb54561d7991f4593d3f5bdb1fe6064dbb722eb4e59e92e93b7820e857289

  • SSDEEP

    3072:fub/CFYzAFsmRZIK3D8tjoBYOh8joBYOhVjoBYOhAeaqJsQy4Wr/CCs3iI84450v:fa/CVZ3D8OeaWyXVsa44vBjjzue8GMu

Score
10/10
asyncrathttps://api.telegram.org/botrat

Malware Config

Extracted

Family

asyncrat

Version

丽杰ョょ诶жצョרョバぎウ東バ尺迪迪制Ежर马ばぎंょ煙

Botnet

https://api.telegram.org/bot

Mutex

713693179

Attributes
  • delay

    9000

  • install

    false

  • install_file

    notepad.exe

  • install_folder

    رچىقمپازجغنصشعیوهاخجطۆلقهنهم..

  • pastebin_config

    https://www.youtube.com/

aes.plain

Targets

    • Target

      GoogleUpdateCore.exe

    • Size

      339KB

    • MD5

      dffce796a69f576b2ce5161c5bf23249

    • SHA1

      9cfac609a83d93c7727a6cfa8ee75c2f3d5d7281

    • SHA256

      a1094fd210d9c5845758c9c144a863b0d98fcd71e5fff9ce6ea2abe6b25e0fc2

    • SHA512

      959a626766dd615b4022dacc9dcebc845cdafc82f37ecbd3264e7dc2e6a8c65c15ecb54561d7991f4593d3f5bdb1fe6064dbb722eb4e59e92e93b7820e857289

    • SSDEEP

      3072:fub/CFYzAFsmRZIK3D8tjoBYOh8joBYOhVjoBYOhAeaqJsQy4Wr/CCs3iI84450v:fa/CVZ3D8OeaWyXVsa44vBjjzue8GMu

    Score
    10/10
    asyncrathttps://api.telegram.org/botrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v6

Tasks