General

  • Target

    17f89183d951f5ea258d8d242368a3d8.exe

  • Size

    612KB

  • Sample

    230930-vmytmaff36

  • MD5

    17f89183d951f5ea258d8d242368a3d8

  • SHA1

    41d7143f06a9fe53b6d8fda2b6d7c629c7a7a133

  • SHA256

    e54c38c8d43f2a11ac1c997438d4586a3270f1545f8ef02b8992ebc35005823c

  • SHA512

    65e59efd1e77def251c8def6065b7eb1c8944c0ec3c29f0b59eac3c7aa3dd1ced8b4ac5993804736a6b724528ce36fbd6aaf6c05c86e594eb7a61de644f0d71d

  • SSDEEP

    12288:NcrNS33L10QdrXjZDnDLRH6/cOOScBEcmJE28syNM34odu+K:wNA3R5drX1DDLRHMncBeFySIodrK

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default8

C2

185.225.73.105:8675

185.225.73.105:7896

mloptuytonroyem.sytes.net:8675

mloptuytonroyem.sytes.net:7896

Mutex

AsyncMutex_7SI8ObPWc

Attributes

  • delay

    3

  • install

    true

  • install_file

    cesr.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      17f89183d951f5ea258d8d242368a3d8.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks