General
Target: Fructose Checker.exe
Size: 9.7MB
Sample: 240817-28197ssfpf
MD5: c9f3e6d590c86065a93b9a93efab2363
SHA1: 035c94447fb233dc962bb9a578b2a01b9a312e8e
SHA256: 49e31f8fbab7da57b575da0fcab3cc4f412c922c4af95416e68134de3d743844
SHA512: a3a951fa341b8fda94fea428ace54b119966c1243b3e6ac419323e8bb17aa1251944d4a8d6783ffd15bf4cf246dd57e00afaa49311f73d655b0ad6b63224327d
SSDEEP: 196608:FtW1v4s39/4BsNYFRetQ+Ym9nLIUMBuiyObFrEUndTfyHdy2Cao7/NEeLurDRc:FmAsN/4GNY4QgLIZyMFVdfyMLJ7BLcDC
Static task
static1
Behavioral task
behavioral1
Sample
Fructose Checker.exe
Resource
win7-20240729-en
Malware Config
Extracted
asyncrat
| CRACKED BY https://t.me/xworm_v2
Default
googl3d.ddnsking.com:8808
googl3d.ddnsking.com:8080
googl3d.ddnsking.com:7707
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: Runtime.exe
install_folder: %AppData%
Targets
-
-
Target
Fructose Checker.exe
-
Async RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-