Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

20/06/2024, 08:53

240620-kthqwashrm 10

12/06/2024, 01:28

240612-bvnh3sxfmr 10

General

  • Target

    3304872eb5f8f05b6ea7259446b5899c.bin

  • Size

    33KB

  • Sample

    240612-bvnh3sxfmr

  • MD5

    a6572e5084ff243f7e1430a5df010b82

  • SHA1

    a4b4ba699625cc44c3ff9b9f1960e697afdf9212

  • SHA256

    44d6c4340b60dd1bc93931e2e1756e1f1c8679e1007f246815fdd7f23607b54e

  • SHA512

    adcb04bcece5e1bd232a551b9d58a259732889bba607d42788ed16087cb0f3afa4f5d0cd05bd38c771d925e6ca172cb72ecc455f270da53f322d074a454fb902

  • SSDEEP

    768:JBtsPJZBxwGURd9cHMj1cQFu8y9X4LWd3JEnm1YZ4TYKlSqe:vtsPJZHmR/cTowqWd3owZYKlSf

Malware Config

Extracted

Family

asyncrat

Version

Xchallenger | 3Losh

Botnet

Default

C2

mochas.in-the-band.net:6606

mochas.in-the-band.net:7707

mochas.in-the-band.net:8808

Mutex

AsyncMutex_alosh

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      e22a31fdf71a913964b1f1328e132325f0188b56e5a65c025f0d553e440e2cf2.exe

    • Size

      65KB

    • MD5

      3304872eb5f8f05b6ea7259446b5899c

    • SHA1

      156b02577689b8d3620b666cbd2f5c41d83100d0

    • SHA256

      e22a31fdf71a913964b1f1328e132325f0188b56e5a65c025f0d553e440e2cf2

    • SHA512

      b80026020cb42d53ea8209bbcecace631fc700cdf762005d5b45b1f1757e5c83ac2ffae23ce92f09c167a50b1a7c3c5eede1aad563f57f70ee26a2413ecd7fe2

    • SSDEEP

      1536:32IkI9j9k5beUM7u0BrlOnmGBYIZE8XU6ab6A72AS+b5UmPtb5YS8UJ572r53Rlx:32IkI9j9k1E8XU6ac+b5UmFb5YSbadfx

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks