Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Odeme.exe

  • Size

    637KB

  • Sample

    230319-tbmfsaha63

  • MD5

    0747b82b235f4d06fc693569fac9ffbd

  • SHA1

    d639f2c7345800ae12b6dea8655cdab16df64daf

  • SHA256

    044cacd5ac37289f51cb2560deec5d5eb2a299f37cc7632673fefc70196e5452

  • SHA512

    08a9ee3dbd779b8b4c689ddf54f9d57bfa68f61b18e80c8a2240a3feae5e0bf98603e68ecc55aee0d9da7efe909d09a306f5f69feb4e49668520eef7ecfab552

  • SSDEEP

    12288:NcrNS33L10QdrXjcDn6gl1f6NWU6TvfXCT8NqRu0VWYQw6zx6TaFOo:wNA3R5drXoD60ZMNg3TuWYJ2x6/o

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Mnock

C2

mooroopecamroy.sytes.net:1452

mooroopecamroy.sytes.net:1432

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    crssi.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Odeme.exe

    • Size

      637KB

    • MD5

      0747b82b235f4d06fc693569fac9ffbd

    • SHA1

      d639f2c7345800ae12b6dea8655cdab16df64daf

    • SHA256

      044cacd5ac37289f51cb2560deec5d5eb2a299f37cc7632673fefc70196e5452

    • SHA512

      08a9ee3dbd779b8b4c689ddf54f9d57bfa68f61b18e80c8a2240a3feae5e0bf98603e68ecc55aee0d9da7efe909d09a306f5f69feb4e49668520eef7ecfab552

    • SSDEEP

      12288:NcrNS33L10QdrXjcDn6gl1f6NWU6TvfXCT8NqRu0VWYQw6zx6TaFOo:wNA3R5drXoD60ZMNg3TuWYJ2x6/o

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks