General

  • Target: 9092ddc14431abcaa0467e6c56bdb73c1bc77c6a8e0a77f5b12d95717c47aef5
  • Size: 31KB
  • Sample: 240419-wnm9ysbd73
  • MD5: af6f11d82f286b28a505a0648b2639cf
  • SHA1: 9a56a3dc0b393d009ac220539384ac12cda832cc
  • SHA256: 9092ddc14431abcaa0467e6c56bdb73c1bc77c6a8e0a77f5b12d95717c47aef5
  • SHA512: a07add1619feedc8b820c8340a6a9de856aa97bc2567191bb8ece6aaae8cb864b3557abf62f22f07fb97c1fac82eebeab7462ec449d5cc17c9dc5125ccf8f6ad
  • SSDEEP: 768:y/wi/QzB4RgaQaWp/DW/i2jOHaGVmngl6nFCiQ77:Gw26dDW/i2qHFgC7H

Malware Config

Extracted

Family: asyncrat
Version: 0.5.8
Botnet: Default
C2: 94.156.68.217:3162
Mutex: sz1D8OiE4OiM
Attributes
  • delay: 3
  • install: true
  • install_file: MicrosoftCompabilityTelemtry.exe
  • install_folder: %AppData%
aes.plain

Targets

    • Target: 87e382fef7c2e0010af6532600c22578d26d041a78a1c3ec16dbf0d5eb39f347.exe
    • Size: 69KB
    • MD5: 1bcc48211ca31660a585b931eb987f93
    • SHA1: 6633d480598a27f756a8ce706e4392b294ccc8ec
    • SHA256: 87e382fef7c2e0010af6532600c22578d26d041a78a1c3ec16dbf0d5eb39f347
    • SHA512: 7704148f1e83bf97e8a6ff7f36b7fc56dee6a2175be55f1c8c9a2629a66d4d19635bfa03a7f4c92b7cbf4fbd27b014a2a2fa58dcc734fd560dab0a9977b3cf86
    • SSDEEP: 1536:Ju4n9Tswb2ksLtF3buXSumtVoGB7dTxYIbdS6w:Ju49Tswb2VLtF3bugbhJxYIbML

    • AsyncRat
      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.
    • UAC bypass
    • Async RAT payload
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks