Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    87944a5ef7ee2c0db8c81da51a2de900N.exe

  • Size

    267KB

  • Sample

    240815-ljmshswenh

  • MD5

    87944a5ef7ee2c0db8c81da51a2de900

  • SHA1

    860ec7241cb7897d20b25df5d5da1042a67ecc44

  • SHA256

    e57f5c12f0d16315a298851f3ae86ca19c0c56ea603ca3f7571415a88bc67b5d

  • SHA512

    291ec1ffad87ddb35a9916b31c70ec0cf6260712ce28d33ac34ff73c1b7eb75aab2da55d37ac7c7cae00583b25d81f4a0764291f0692b7ca5b4ed06db3cd4c84

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/V:WFzDqa86hV6uRRqX1evPlwAt

Malware Config

Extracted

Family

asyncrat

Version

0.4.9G

C2

corporation.warzonedns.com:9341

Mutex

480-28105c055659

Attributes
  • delay

    0

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      87944a5ef7ee2c0db8c81da51a2de900N.exe

    • Size

      267KB

    • MD5

      87944a5ef7ee2c0db8c81da51a2de900

    • SHA1

      860ec7241cb7897d20b25df5d5da1042a67ecc44

    • SHA256

      e57f5c12f0d16315a298851f3ae86ca19c0c56ea603ca3f7571415a88bc67b5d

    • SHA512

      291ec1ffad87ddb35a9916b31c70ec0cf6260712ce28d33ac34ff73c1b7eb75aab2da55d37ac7c7cae00583b25d81f4a0764291f0692b7ca5b4ed06db3cd4c84

    • SSDEEP

      3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/V:WFzDqa86hV6uRRqX1evPlwAt

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks