Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: fnexternal.exe
- Size: 47KB
- Sample: 231006-291easaf65
- MD5: 0baac525ab667acc805e5fc39365677d
- SHA1: bdbf2f2896c5f611bf05d511ae5df283fd4d5075
- SHA256: dc80f45af1fbb5cdad109756841f7668bb5c7688c14434892f8d53c9c64729d5
- SHA512: f37354cb81e09257926406b02d680387a004886a906b2e7319e6eec25e1e62cc1fd93cb6f27fe1781527613ac329fad25f1a38b9785c4dc685fa142cbeed5cf4
- SSDEEP: 768:zUSRUbDILQe08+bi7EQ8iZ/8Yb+g9dm546VYvEgK/J3ZVc6KN:oS8ErzbBamnkJ3ZVclN
Behavioral task: behavioral1
- Sample: fnexternal.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: fnexternal.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted: asyncrat 1.0.7
Default
- 127.0.0.1:8848
- 127.0.0.1:52364
- 199.36.223.62:8848
- 199.36.223.62:52364
- DcRatMutex_qwqdanchun
- delay: 1
- install: true
- install_file: ..exe
- install_folder: %Temp%
Targets
- Target: fnexternal.exe
- Size: 47KB
- MD5: 0baac525ab667acc805e5fc39365677d
- SHA1: bdbf2f2896c5f611bf05d511ae5df283fd4d5075
- SHA256: dc80f45af1fbb5cdad109756841f7668bb5c7688c14434892f8d53c9c64729d5
- SHA512: f37354cb81e09257926406b02d680387a004886a906b2e7319e6eec25e1e62cc1fd93cb6f27fe1781527613ac329fad25f1a38b9785c4dc685fa142cbeed5cf4
- SSDEEP: 768:zUSRUbDILQe08+bi7EQ8iZ/8Yb+g9dm546VYvEgK/J3ZVc6KN:oS8ErzbBamnkJ3ZVclN
Score: 10/10
- Async RAT payload
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)