General

  • Target

    f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5.exe

  • Size

    575KB

  • Sample

    240409-dayvescc38

  • MD5

    18ccd333d9d11e8bc62935caab393521

  • SHA1

    ae54dc1fe193bf3ad174566a47ab1013f107e878

  • SHA256

    f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5

  • SHA512

    a07d2a5cc0cb3044693c0274f728999335021cecf5a5bd697720c88e952f8ca69fd5e5ea7e581a3e400df439de6d5cb8d16d6dad6238f6415eaf4d7e5e1cba21

  • SSDEEP

    12288:UB1oVeonJHI5mtDWQyskRb+udA2w1nelK8X+e:eo5dWmFWXRNA2/RX7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Testing

C2

91.207.102.163:9899

Mutex

HbLmK5pOLkik

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      f191d334abb3d33f9d99efb91b4c12f8f6367d8015c83b3f93adb272a2da5cf5.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detects executables packed with SmartAssembly

    • Detects file containing reversed ASEP Autorun registry keys

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
