General
- Target: Dehasher.exe
- Size: 1.1MB
- Sample: 240930-2bx7aasbmb
- MD5: be43176a494e84f0beb04cdd86efd67d
- SHA1: 09e738c02dfe2e8664d7072ee2d9df3fea7e2079
- SHA256: 76a429a6968d22df6339119f21f83ad0337ad9d60be818b328dbdc8cacfbcaeb
- SHA512: 8a8c01bb1c4aa8db4346d693c2650862f8965b897ffbabc19e04a091964b20b093e27be5fd19d7e37eb81816275b2e8da40d289c3fa3485f047d9e527a00ce11
- SSDEEP: 24576:OCUG////SMrrr8SSCrirMSpSc9CLtrDrHO37kw8m657w6ZBLmkitKqBCjC0PDgMW:OCUd37bVV1BCjB
Behavioral tasks
- behavioral1: Dehasher.exe, resource win7-20240708-en
- behavioral2: Dehasher.exe, resource win10v2004-20240802-en
Malware Config
Extracted: asyncrat (config name: Default)
- Hosts: 127.0.0.1:6606, 127.0.0.1:7707, 127.0.0.1:8808. All three are loopback, so this build has no live AsyncRAT C2; these are the AsyncRAT builder defaults.
- Telegram Bot API URL: https://api.telegram.org/bot7044437613:AAEXeS1SKGTrEjQ8F-7vSegWo8OLABeJY5k/sendMessage?chat_id=6052812018. The bot token (the bot… path segment) and the chat_id are the actionable network indicators; a bare connection to api.telegram.org is not, since the service is legitimate.
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false (the AsyncRAT client does not copy itself to install_folder or set up its own persistence)
- install_folder: %AppData% (unused while install is false)
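The configuration above is only useful once it is turned into indicators a SOC can match. The following is an added example for this report, not tria.ge code: it splits the C2 hosts into routable and loopback entries (so the builder defaults are not pushed to a blocklist), pulls the bot token, bot id and chat_id out of the Telegram URL, and runs those indicators over a few proxy log lines. The log format and the log lines are constructed for illustration; the config values are copied from the report.

```python
"""Turn the extracted AsyncRAT configuration above into IOCs and run them over
proxy log lines.  Added example for this report (not tria.ge code); the proxy
log lines and their format are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Values copied from the "Malware Config" section of the report.
EXTRACTED_CONFIG = {
    "hosts": ["127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808"],
    "telegram": ("https://api.telegram.org/bot7044437613:AAEXeS1SKGTrEjQ8F-7vSegWo8OLABeJY5k"
                 "/sendMessage?chat_id=6052812018"),
    "mutex": "AsyncMutex_6SI8OkPnk",
}

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>.
TELEGRAM_BOT_PATH = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>\w+)$")


@dataclass
class Iocs:
    c2: List[Tuple[str, int]]           # routable host:port pairs worth blocking
    loopback_c2: List[Tuple[str, int]]  # builder defaults, not actionable
    bot_token: Optional[str]
    bot_id: Optional[str]
    chat_id: Optional[str]
    mutex: str


def parse_config(cfg: dict) -> Iocs:
    """Split C2 hosts into routable vs loopback and pull the Telegram IDs apart."""
    c2, loopback = [], []
    for entry in cfg["hosts"]:
        host, _, port = entry.rpartition(":")
        try:
            is_loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:          # a hostname rather than a literal address
            is_loopback = False
        (loopback if is_loopback else c2).append((host, int(port)))

    parts = urlsplit(cfg["telegram"])
    m = TELEGRAM_BOT_PATH.match(parts.path)
    token = m.group("token") if m else None
    bot_id = token.split(":", 1)[0] if token else None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return Iocs(c2, loopback, token, bot_id, chat_id, cfg["mutex"])


def match_log_lines(iocs: Iocs, lines: List[str]) -> List[Tuple[str, str]]:
    """Return (indicator, line) pairs.  A bare api.telegram.org connection is not
    flagged: the bot token / bot id / chat_id is what ties traffic to this sample."""
    hits = []
    for line in lines:
        if iocs.bot_token and iocs.bot_token in line:
            hits.append(("telegram_bot_token", line))
        elif iocs.bot_id and f"/bot{iocs.bot_id}:" in line:
            hits.append(("telegram_bot_id", line))
        elif iocs.chat_id and "api.telegram.org" in line and f"chat_id={iocs.chat_id}" in line:
            hits.append(("telegram_chat_id", line))
        for host, port in iocs.c2:
            if f"{host}:{port}" in line:
                hits.append(("asyncrat_c2", line))
    return hits


# Constructed proxy log lines (not from the sandbox run).
SAMPLE_PROXY_LOG = [
    "2024-09-30T20:31:02Z ws1 CONNECT api.telegram.org:443 200",
    "2024-09-30T20:31:03Z ws1 GET https://api.telegram.org/bot7044437613:AAEXeS1SKGTrEjQ8F-7vSegWo8OLABeJY5k/sendMessage?chat_id=6052812018 200",
    "2024-09-30T20:31:07Z ws2 GET https://api.telegram.org/bot1111111111:AAAAexampleexample/sendMessage?chat_id=42 200",
    "2024-09-30T20:31:09Z ws1 GET https://example.com/ 200",
]


def main() -> None:
    iocs = parse_config(EXTRACTED_CONFIG)
    print("routable C2:", iocs.c2 or "none (all hosts are loopback)")
    print("bot_id:", iocs.bot_id, "chat_id:", iocs.chat_id, "mutex:", iocs.mutex)
    for kind, line in match_log_lines(iocs, SAMPLE_PROXY_LOG):
        print(f"HIT {kind}: {line}")


if __name__ == "__main__":
    main()
```

Only the second constructed line is flagged: the first is a plain TLS connect to the Telegram API, and the third uses a different bot. The mutex is carried in the IOC set for host-side checks but has no network match.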
Targets
Target: Dehasher.exe (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detect Neshta payload
- Neshta: a file-infecting virus that prepends its own code to other executables in order to spread; the modified .exe file association flagged below is its launch hook.
- StormKitty payload: an information stealer, consistent with the credential-access techniques mapped below.
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association: changes the command used to launch .exe files (HKCR\exefile\shell\open\command, whose clean default is "%1" %*), so the malware runs before every program the user starts.
- Drops desktop.ini file(s)
- Looks up external IP address via web service: queries a legitimate IP lookup service for the infected system's external IP.
- Looks up geolocation information via web service: queries a legitimate geolocation service for the infected system's location.
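The file-association change is the most durable artifact in this list and survives removal of the dropped files, so it is worth checking directly. The following is an added example for this report, not tria.ge code: it classifies the (Default) value of exefile\shell\open\command as clean, hijacked (a launcher prepended in front of the original "%1" %*) or unexpected, and reads the live value on Windows. The sample values are constructed; the infector-style launcher path is illustrative, not taken from the sandbox run.

```python
"""Check the .exe file association that the "Modifies system executable filetype
association" signature refers to (ATT&CK T1546.001).  Added example for this
report, not tria.ge code.  The classifier is pure string logic and runs anywhere;
reading the live value needs Windows."""
import sys
from typing import Optional

# Clean (Default) value of HKCR\exefile\shell\open\command on Windows.
EXPECTED_EXEFILE_COMMAND = '"%1" %*'


def classify_exefile_command(value: Optional[str]) -> str:
    """Return 'clean', 'hijacked' or 'unexpected' for the (Default) value.

    A launcher placed in front of "%1" %* runs first and receives the real
    target as its argument, which is how a file infector hooks every EXE launch.
    """
    if value is None:
        return "unexpected"
    norm = " ".join(value.split())       # normalise whitespace only
    if norm == EXPECTED_EXEFILE_COMMAND:
        return "clean"
    if norm.endswith(" " + EXPECTED_EXEFILE_COMMAND):
        return "hijacked"
    return "unexpected"


def read_live_exefile_command(hive: str = "HKCR") -> Optional[str]:
    """Read the (Default) value on Windows; None elsewhere or if the key is absent.

    Check HKCU as well: HKCU\\Software\\Classes\\exefile shadows HKCR for the
    current user without touching the machine-wide key.
    """
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module
    if hive == "HKCR":
        root, subkey = winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command"
    else:
        root, subkey = winreg.HKEY_CURRENT_USER, r"Software\Classes\exefile\shell\open\command"
    try:
        with winreg.OpenKey(root, subkey) as key:
            value, _ = winreg.QueryValueEx(key, "")   # "" selects the (Default) value
            return value
    except OSError:
        return None


# Constructed values to exercise the classifier (not read from the sandbox).
SAMPLE_VALUES = {
    "clean":    '"%1" %*',
    "launcher": r'C:\Windows\svchost.com "%1" %*',  # constructed, infector-style hook
    "cut":      '"%1"',
}


def main() -> None:
    for name, value in SAMPLE_VALUES.items():
        print(f"{name:8} {classify_exefile_command(value):10} {value}")
    for hive in ("HKCR", "HKCU"):
        live = read_live_exefile_command(hive)
        if live is not None:
            print(f"live {hive}:", classify_exefile_command(live), live)


if __name__ == "__main__":
    main()
```

Restoring the association to "%1" %* is only safe after the launcher it points at has been removed; otherwise already-infected executables still carry the prepended code and will reinstate the hook when run.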
MITRE ATT&CK Enterprise v15 (counts are the number of matching signatures)
Persistence
- Event Triggered Execution (T1546): 2
  - Change Default File Association (T1546.001): 1
  - Netsh Helper DLL (T1546.007): 1
- Scheduled Task/Job (T1053): 1
  - Scheduled Task (T1053.005): 1
Privilege Escalation
- Event Triggered Execution (T1546): 2
  - Change Default File Association (T1546.001): 1
  - Netsh Helper DLL (T1546.007): 1
- Scheduled Task/Job (T1053): 1
  - Scheduled Task (T1053.005): 1
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1