General
- Target: test.exe
- Size: 101KB
- Sample: 240628-z8y4qssdrg
- MD5: 8eab3abc6963ebf4446c5e5aa559f1d4
- SHA1: 5901818505035554b05204b2575aebfcde196d35
- SHA256: d01b020acbaee9457d161a79b852932cc192a2dde3d47ac14292eab667aee068
- SHA512: d55786d83c067fbe8d39537496979b3a3fb92ee87b16f39caa0795c9eef1eb7d354636058569c870a93e8f1888c6f3ee5e75d978dda9b31ae062de47fb306432
- SSDEEP: 3072:gvGyYiSDnt1lD5ScJk3sVkwqAOOwOfHQ:E41YCQ/lhVOfw
Static task: static1

Malware Config
Extracted: asyncrat
- 1.0.7
- Default
- 127.0.0.1:8848
- 185.188.183.18:8848
- DbNvcWoLvbqX
- delay: 1
- install: true
- install_file: csrss.exe
- install_folder: %AppData%
Targets
- Target: test.exe
- Size: 101KB
- MD5: 8eab3abc6963ebf4446c5e5aa559f1d4
- SHA1: 5901818505035554b05204b2575aebfcde196d35
- SHA256: d01b020acbaee9457d161a79b852932cc192a2dde3d47ac14292eab667aee068
- SHA512: d55786d83c067fbe8d39537496979b3a3fb92ee87b16f39caa0795c9eef1eb7d354636058569c870a93e8f1888c6f3ee5e75d978dda9b31ae062de47fb306432
- SSDEEP: 3072:gvGyYiSDnt1lD5ScJk3sVkwqAOOwOfHQ:E41YCQ/lhVOfw

Signatures
- Modifies security service
- Async RAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (3)
  - Windows Service (3)
- Scheduled Task/Job (1)
  - Scheduled Task (1)