General

  • Target

    79ad3b97b133a46650bd4e9243585e619cb2225a05d8dede6d1aa78a6a54bf19.exe

  • Size

    194KB

  • Sample

    240111-nkzvksffb5

  • MD5

    150d0d25b7a369b2b55c7cfbf25a204f

  • SHA1

    225b5a35019cd044dc603d9d997c41065283bfc7

  • SHA256

    79ad3b97b133a46650bd4e9243585e619cb2225a05d8dede6d1aa78a6a54bf19

  • SHA512

    564f39c2a96a0975dd68e75e2398e603c5c5a5b7267c5c53fd83bc8d2326a08c1414ca8fffa311cc8832e0d63a1c5d1cd3a12653b471fe83552e2c641a62189b

  • SSDEEP

    3072:4uiJTUKP2zG0K3buTbSHynFYrNm6+xmfswft:4uiR+Ct3beneR+KV

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

139.180.171.110:22636

139.180.171.110:1604

Mutex

RfO8CsTGr0kh

Attributes
  • delay

    3

  • install

    true

  • install_file

    chrome.exe

  • install_folder

    %AppData%

  • aes.plain

    7znwJS2EESBIz5LJLfKVRv4yY6JZquSa

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL
