Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

decoded.ps1

windows7-x64

1

decoded.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    decoded.ps1

  • Size

    610KB

  • Sample

    240422-bkkpfadf81

  • MD5

    8f480e8836360a001daf9178cec3af30

  • SHA1

    63282ae8eea6d7d25eef356d86385a8bef18b2e0

  • SHA256

    bb3fd742b93a5d4543bc780ea94d68959ed6731c47bda30fd2d6d922a9d601b6

  • SHA512

    371d0ccd4d4d04259aaca6a4ddd7dc6415258fe84be1f27d071369030f503aeead2ac3100dc31b745b951e0efa0122aef697673ddfccfe6df96699a1f8d9f176

  • SSDEEP

    12288:Y9Xu2RZISzhlFbwJeBw2699/7lKDwJtkmr:6pPzzPFE75hKD8br

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

ghshe.duckdns.org:8797

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      decoded.ps1

    • Size

      610KB

    • MD5

      8f480e8836360a001daf9178cec3af30

    • SHA1

      63282ae8eea6d7d25eef356d86385a8bef18b2e0

    • SHA256

      bb3fd742b93a5d4543bc780ea94d68959ed6731c47bda30fd2d6d922a9d601b6

    • SHA512

      371d0ccd4d4d04259aaca6a4ddd7dc6415258fe84be1f27d071369030f503aeead2ac3100dc31b745b951e0efa0122aef697673ddfccfe6df96699a1f8d9f176

    • SSDEEP

      12288:Y9Xu2RZISzhlFbwJeBw2699/7lKDwJtkmr:6pPzzPFE75hKD8br

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

      rat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks