General
- Target: Infected.exe
- Size: 63KB
- Sample: 241020-xzktmsxdqj
- MD5: 36e9d327e924e1c2eb407b010fc0f7ff
- SHA1: 18c1f755f08c15029164feecc2ca425d4bb0b06c
- SHA256: 1865d9a284b83545fb8b06802f90948b65598e6a7ceebe4b19e49430c02aee74
- SHA512: 1d5091aa4e6180a63a6cb7a03fa3b26afa5aab0a2c5748ed6e06a7296719f3b767a74829d67a8930338b24af4f8ded9f0a1939811a8396c8859ce0c15a2744e1
- SSDEEP: 768:ijSu/n3jzh78J4C8A+XTSazcBRL5JTk1+T4KSBGHmDbD/ph0oXomYY1XiSugdpqM:UrzV4dSJYUbdh97TFugdpqKmY7
Behavioral task: behavioral1
- Sample: Infected.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted family: asyncrat
- Default: options-printing.gl.at.ply.gg:29154
- delay: 1
- install: true
- install_file: cool aids.exe
- install_folder: %AppData%
Targets
- Target: Infected.exe
- Size: 63KB
Score: 10/10
- Async RAT payload
- Renames multiple (1282) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE