General

  • Target

    31072024_1600_docmenalfodacturas73829768692348692170835691270836599027413856932758493245.zip

  • Size

    2.1MB

  • Sample

    240731-tfvb7awfma

  • MD5

    bb1aa71be97e059a4b0dd593db3c8949

  • SHA1

    b2d0a4a40bc6e7003aaf7a081bf1dfdf4dbd7ed3

  • SHA256

    454e6542260989481f10c1c244b542ab6da99ac2791469df0cdbd7432d602bce

  • SHA512

    a5edf36c44c8737e9c59528195d358c024e3687a2510d9cc840d58c8fa458c7ad26a4992668350413239a77061b9c81e6c6b3c0a66c82d812adc80a4c3108a7f

  • SSDEEP

    49152:i9o5lPYYQPB9YU5mRAWCZnFp5D7xOfQdK/elQWGQXl:i9oDIVoAZ5ZoD/fa

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7A

  • Botnet

    PISTA

  • C2

    pista.con-ip.com:6606

  • Mutex

    uuooxuxbnkywum

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      docmenalfodacturas73829768692348692170835691270836599027413856932758493245.exe

    • Size

      2.1MB

    • MD5

      78303888fe75caafdb9d0b3ffb358319

    • SHA1

      a73032f41c5e40869d9bf1e3b61b6e6530389d60

    • SHA256

      9d93b1d1b9ef2411bd662785156af839101718cedbe60459ac07b709c04cde0d

    • SHA512

      2f6f91aa5ddacc6c30f944b0dd20fb918083fc3bc508b5a5624970fbd8ac276eee93841c904ae4eacefc0e4aeef4909a8a9154448cf231251bc9d7e8f209ddfd

    • SSDEEP

      49152:AKGcLGC9pM8jSBheJC/pFptG8TZ7fCPOM:vD9ptSXDxtNLSO

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
