Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe

  • Size

    48KB

  • Sample

    231011-xxs28shg72

  • MD5

    39fb8a8a40c829ac3a4fd5cd6ea473b7

  • SHA1

    5930195043f8a59566d778d15acb31d3c3e5c3a8

  • SHA256

    7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4

  • SHA512

    e6d3074a3f2c8d474818d1611d36990b4ab9467f5ffe983ef7572414870c2802e2f353aa02579044c7b51e482bac23424bed9767b8fbb0c41ed16dd328b2beaa

  • SSDEEP

    1536:euWk5T1gi29npmgpzmyb+M/oLnOA5UtGhdIR:euWET1gi29pmgpzmyb+/Ld6tI+R

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Rust

C2

extra-hack.ddns.net:2550

extra-hack.ddns.net:2551

extra-hack.ddns.net:2552

extra-hack.ddns.net:2553

extra-hack.ddns.net:2554

extra-hack.ddns.net:2555

extra-hack.ddns.net:2556

extra-hack.ddns.net:2557

extra-hack.ddns.net:2558

extra-hack.ddns.net:2559

extra-hack.ddns.net:2560

extra-hack.ddns.net:2561

extra-hack.ddns.net:2562

extra-hack.ddns.net:2563

extra-hack.ddns.net:2564

extra-hack.ddns.net:2565

extra-hack.ddns.net:2566

extra-hack.ddns.net:2567

extra-hack.ddns.net:2568

extra-hack.ddns.net:2569

Mutex

j4hy8gsf6w53x4

Attributes
  • delay

    3

  • install

    true

  • install_file

    Realtek HD Audio Universal Service.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe

    • Size

      48KB

    • MD5

      39fb8a8a40c829ac3a4fd5cd6ea473b7

    • SHA1

      5930195043f8a59566d778d15acb31d3c3e5c3a8

    • SHA256

      7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4

    • SHA512

      e6d3074a3f2c8d474818d1611d36990b4ab9467f5ffe983ef7572414870c2802e2f353aa02579044c7b51e482bac23424bed9767b8fbb0c41ed16dd328b2beaa

    • SSDEEP

      1536:euWk5T1gi29npmgpzmyb+M/oLnOA5UtGhdIR:euWET1gi29pmgpzmyb+/Ld6tI+R

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks