Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9092ddc14431abcaa0467e6c56bdb73c1bc77c6a8e0a77f5b12d95717c47aef5
-
Size
31KB
-
Sample
240419-wnm9ysbd73
-
MD5
af6f11d82f286b28a505a0648b2639cf
-
SHA1
9a56a3dc0b393d009ac220539384ac12cda832cc
-
SHA256
9092ddc14431abcaa0467e6c56bdb73c1bc77c6a8e0a77f5b12d95717c47aef5
-
SHA512
a07add1619feedc8b820c8340a6a9de856aa97bc2567191bb8ece6aaae8cb864b3557abf62f22f07fb97c1fac82eebeab7462ec449d5cc17c9dc5125ccf8f6ad
-
SSDEEP
768:y/wi/QzB4RgaQaWp/DW/i2jOHaGVmngl6nFCiQ77:Gw26dDW/i2qHFgC7H
Malware Config
Extracted
asyncrat
0.5.8
Default
94.156.68.217:3162
sz1D8OiE4OiM
-
delay
3
-
install
true
-
install_file
MicrosoftCompabilityTelemtry.exe
-
install_folder
%AppData%
Targets
-
-
Target
87e382fef7c2e0010af6532600c22578d26d041a78a1c3ec16dbf0d5eb39f347.exe
-
Size
69KB
-
MD5
1bcc48211ca31660a585b931eb987f93
-
SHA1
6633d480598a27f756a8ce706e4392b294ccc8ec
-
SHA256
87e382fef7c2e0010af6532600c22578d26d041a78a1c3ec16dbf0d5eb39f347
-
SHA512
7704148f1e83bf97e8a6ff7f36b7fc56dee6a2175be55f1c8c9a2629a66d4d19635bfa03a7f4c92b7cbf4fbd27b014a2a2fa58dcc734fd560dab0a9977b3cf86
-
SSDEEP
1536:Ju4n9Tswb2ksLtF3buXSumtVoGB7dTxYIbdS6w:Ju49Tswb2VLtF3bugbhJxYIbML
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
UAC bypass
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1