Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

976833d491...a7.exe

windows7-x64

10

976833d491...a7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    976833d491de30583479494fb8946ea7.exe

  • Size

    5.3MB

  • Sample

    241002-rhfwgatgkb

  • MD5

    976833d491de30583479494fb8946ea7

  • SHA1

    a8b9321a3fbe582b029c2b35f439966211cba8a4

  • SHA256

    d08285f3f36f0c79df6d4cb82b9b045859d25c96a223c16702b6043ea8950f6e

  • SHA512

    bec2e86948eef70e9b64d01867aa3b3e2d5023bf56333052878fcd61b50cd7147a8a8b463a15bf165310ef7aeca57a2d5247ffd4b047f614d8f6c812eade7385

  • SSDEEP

    98304:atLutWh4NYxtJpkxhG9vPLOqjajvD333yuhGRHW:vOxtJahydjaKu0W

Score
10/10
asyncrat18discoverypersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

18

C2

nuevodcsrat.duckdns.org:8081

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      976833d491de30583479494fb8946ea7.exe

    • Size

      5.3MB

    • MD5

      976833d491de30583479494fb8946ea7

    • SHA1

      a8b9321a3fbe582b029c2b35f439966211cba8a4

    • SHA256

      d08285f3f36f0c79df6d4cb82b9b045859d25c96a223c16702b6043ea8950f6e

    • SHA512

      bec2e86948eef70e9b64d01867aa3b3e2d5023bf56333052878fcd61b50cd7147a8a8b463a15bf165310ef7aeca57a2d5247ffd4b047f614d8f6c812eade7385

    • SSDEEP

      98304:atLutWh4NYxtJpkxhG9vPLOqjajvD333yuhGRHW:vOxtJahydjaKu0W

    Score
    10/10
    asyncrat18discoverypersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks