General

  • Target

    Infected.exe

  • Size

    63KB

  • Sample

    241020-xzktmsxdqj

  • MD5

    36e9d327e924e1c2eb407b010fc0f7ff

  • SHA1

    18c1f755f08c15029164feecc2ca425d4bb0b06c

  • SHA256

    1865d9a284b83545fb8b06802f90948b65598e6a7ceebe4b19e49430c02aee74

  • SHA512

    1d5091aa4e6180a63a6cb7a03fa3b26afa5aab0a2c5748ed6e06a7296719f3b767a74829d67a8930338b24af4f8ded9f0a1939811a8396c8859ce0c15a2744e1

  • SSDEEP

    768:ijSu/n3jzh78J4C8A+XTSazcBRL5JTk1+T4KSBGHmDbD/ph0oXomYY1XiSugdpqM:UrzV4dSJYUbdh97TFugdpqKmY7

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

options-printing.gl.at.ply.gg:29154

Attributes
  • delay

    1

  • install

    true

  • install_file

    cool aids.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Renames multiple (1282) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE
