General

  • Target

    8c8aee950d1420d409169010b6a9e475c2d0d78ecf9c6d31a3a7542c15735e4f_JC.exe

  • Size

    666KB

  • Sample

    231004-wrmslaff96

  • MD5

    07478a5c4795897c09745378c750f8ca

  • SHA1

    1ae0911fd5fa57d1b94ecef287af30d4845c3019

  • SHA256

    8c8aee950d1420d409169010b6a9e475c2d0d78ecf9c6d31a3a7542c15735e4f

  • SHA512

    5af0fde061350ee63b8e0b31104397c4be2ceacbba2ba08557c9872b6fefc676676f18b0f51d4d2504d1b0f5c8123d004e262e77cb4697867cb6406e26ce56b2

  • SSDEEP

    12288:JcrNS33L10QdrX4FBojL8DPNYnzENFuUftj8Y+JxeIlTPYQZjDa321uz:0NA3R5drX4GcPNYo7vljEUIlLY+Da34K

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default10

C2

qpurrybeatmecamtest.ddns.net:5987

qpurrybeatmecamtest.ddns.net:6978

Mutex

AsyncMutex_4SI8ObPTc

Attributes
  • delay

    3

  • install

    true

  • install_file

    cestm.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      8c8aee950d1420d409169010b6a9e475c2d0d78ecf9c6d31a3a7542c15735e4f_JC.exe

    • Size

      666KB

    • MD5

      07478a5c4795897c09745378c750f8ca

    • SHA1

      1ae0911fd5fa57d1b94ecef287af30d4845c3019

    • SHA256

      8c8aee950d1420d409169010b6a9e475c2d0d78ecf9c6d31a3a7542c15735e4f

    • SHA512

      5af0fde061350ee63b8e0b31104397c4be2ceacbba2ba08557c9872b6fefc676676f18b0f51d4d2504d1b0f5c8123d004e262e77cb4697867cb6406e26ce56b2

    • SSDEEP

      12288:JcrNS33L10QdrX4FBojL8DPNYnzENFuUftj8Y+JxeIlTPYQZjDa321uz:0NA3R5drX4GcPNYo7vljEUIlLY+Da34K

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks