General
- Target: 06112024_0054_110424.vbs
- Size: 140KB
- Sample: 241106-a87cnssbld
- MD5: b551d6e65cb8770641782a1c9fea2d46
- SHA1: 913f33925e21db15d167574c6d29e612641c24f5
- SHA256: dcd8eb05de5d4e76fbadf6cf6ffa17f72e6feba0ab79ea57ec2f507d838c1626
- SHA512: 660b54552fc52f6195db34af7fa8d2fcfb05a0c7b97822cf654dd8360e83e3d416235c44050581a470cc01348583a56154fb55665c60a48cc1df2c8bc3707eb9
- SSDEEP: 1536:ZirfBgt5pzEGw+jDKVRs8UH12oaz+MXdVyagPI1lNyU:ZirZgt5pIGwS8RsXVTahdVyagPIPNd
Static task: static1
Behavioral task: behavioral1
- Sample: 06112024_0054_110424.vbs
- Resource: win7-20240903-en
Malware Config
Extracted
- URL: https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0
Extracted
- Family: asyncrat
- Version: 11-4-24
- C2: egghold.duckdns.org:2011
- C2: exgi.duckdns.org:2011
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: 06112024_0054_110424.vbs
- Asyncrat family
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext