General
  Target:  service_updated.exe
  Size:    26KB
  Sample:  230315-avjdpace3w
  MD5:     0ba94632c859dabbdeb1c68ebd7ca34d
  SHA1:    70f25b976fb529d4826d9560288560d7c3f5b63e
  SHA256:  f2ade3ae8bf5ba063e0c5911c2996bafa09de659b23bbd3014747e12a378724e
  SHA512:  be6889837f1556dfde6334ab3dd9245694d79a1495c4be86eecc0ba2695beeaaa4aebfd5fd9e27cdceea2a2e6a65e7624efce48c0ba92bc3f8550d5c914d5ef0
  SSDEEP:  384:IJJo2hYvWMUMGYZapeJiPRQMFWsXrMTW4g1CwL1CyDb+/cG7mljCD0m3HtnX:JEH1eJiJVXrM41v1C8bpCaCgm3HtX
Static task
  static1

Behavioral task
  behavioral1
  Sample:    service_updated.exe
  Resource:  win7-20230220-en
Malware Config
Extracted: asyncrat
  Version:          1.0.7
  Botnet ID:        Default
  Mutex:            DcRatMutex_qwqdanchun
  delay:            10
  install:          true
  install_file:     csrss.exe
  install_folder:   %AppData%
  pastebin_config:  https://pastebin.com/raw/3Z9zi18j

With install set to true the client copies itself to %AppData%\csrss.exe, borrowing the name of the Client/Server Runtime Subsystem whose genuine binary exists only in %SystemRoot%\System32; a csrss.exe anywhere else is a reliable hunt indicator. The delay value is the number of seconds the client waits before starting its connection loop. No C2 host is embedded in the binary: pastebin_config points at a Pastebin raw paste from which the client fetches its C2 address at run time, so the paste, not the sample, determines the live infrastructure, and the mutex DcRatMutex_qwqdanchun (the DcRat default) is what the client uses as its single-instance guard.
Targets
  Target:  service_updated.exe
  Size:    26KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

  Signatures
  - Async RAT payload
  - Downloads MZ/PE file
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the report does not state which regions are excluded).
  - Executes dropped EXE (the csrss.exe copy from install_file/install_folder above)
  - Legitimate hosting services abused for malware hosting/C2 (the Pastebin raw paste named in pastebin_config)
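The config and signatures above give three host-side artifacts worth checking on a suspected victim: a csrss.exe dropped in %AppData%, a csrss.exe process whose image is not the System32 binary, and the DcRatMutex_qwqdanchun mutex. The following hunt script is an added example, not part of the Triage report and not AsyncRAT code. It assumes it is run on the Windows host under investigation, in the same logon session as the suspected client (the mutex check is session-local), and preferably elevated so that process image paths are readable; the SHA256 and mutex name are taken from this report, everything else is standard PowerShell and .NET.

```powershell
# Added hunt script for the artifacts described in this report (not Triage or
# AsyncRAT code). Assumes: Windows host, same logon session as the suspected
# client, ideally elevated.

$Sha256Ioc  = 'f2ade3ae8bf5ba063e0c5911c2996bafa09de659b23bbd3014747e12a378724e'  # SHA256 from this report
$MutexName  = 'DcRatMutex_qwqdanchun'                                               # mutex from the extracted config
$DropPath   = Join-Path $env:APPDATA 'csrss.exe'                                   # install_folder + install_file
$LegitCsrss = Join-Path $env:SystemRoot 'System32\csrss.exe'

$findings = New-Object System.Collections.Generic.List[object]

# 1. The genuine csrss.exe exists only in System32, so any file with that name in
#    %AppData% is suspicious even when its hash differs from this sample (repacks are common).
if (Test-Path -LiteralPath $DropPath -PathType Leaf) {
    $hash = (Get-FileHash -LiteralPath $DropPath -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $DropPath
    $findings.Add([pscustomobject]@{
        Indicator = 'csrss.exe dropped in %AppData%'
        Detail    = "$DropPath sha256=$hash signature=$($sig.Status) matchesThisSample=$($hash -eq $Sha256Ioc)"
    })
}

# 2. Running processes named csrss.exe whose image is not the System32 binary.
#    ExecutablePath is $null for the real csrss.exe when not elevated; those are skipped.
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'csrss.exe'" |
    Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -ne $LegitCsrss) } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{
            Indicator = 'csrss.exe process with non-System32 image'
            Detail    = "PID $($_.ProcessId) $($_.ExecutablePath)"
        })
    }

# 3. The client holds its configured mutex as a single-instance guard. If the mutex
#    can be opened, or exists but is inaccessible, a client is running in this session.
try {
    $m = [System.Threading.Mutex]::OpenExisting($MutexName)
    $m.Dispose()
    $findings.Add([pscustomobject]@{ Indicator = 'AsyncRAT mutex present'; Detail = $MutexName })
} catch [System.Threading.WaitHandleCannotBeOpenedException] {
    # Mutex does not exist: nothing to report.
} catch [System.UnauthorizedAccessException] {
    $findings.Add([pscustomobject]@{ Indicator = 'AsyncRAT mutex present (access denied)'; Detail = $MutexName })
}

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'No artifacts from this report found on this host.' }
```

On the network side the corresponding check is a search of proxy or DNS logs for requests to pastebin.com/raw/3Z9zi18j, since the client must fetch that paste before it knows where its C2 is; a match there identifies a victim even when the dropped file has since been repacked or renamed.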