General

  • Target: MegAi Spoofer.lnk.zip
  • Size: 1KB
  • Sample: 241206-14jc6awqaq
  • MD5: 1eb79e4b854a72281fdaf41c01cb4d9f
  • SHA1: da4c8f38b858472fa047785a62f9e9c02995a692
  • SHA256: d0099281b0883cbbd38b850b5e57a1b9d50d749f6981a8abcb6b3eee350a9fe8
  • SHA512: fe487686f7226a54c31442ceaa40d9479bd5c136447ab3b7de860c9c1bfb9e75eb3ec327e757dad68064a9e2318e6f70662bd3fcffb2fa18e8dcd5254ef2fabb

Malware Config

Extracted

  • Family: asyncrat
  • Version: 1.0.7
  • Botnet: Default
  • C2: 45.149.241.10:4444
  • Mutex: DcRatMutex_qwqdanchun
  • Attributes
      • delay: 1
      • install: false
      • install_folder: %AppData%
  • aes.plain

Targets

    • Target: MegAi Spoofer.lnk.bin
    • Size: 3KB
    • MD5: c69266e801806c1f36f8d0143a357fe8
    • SHA1: 08fca5854ad4eb5ebace23786412fbc40245e719
    • SHA256: e8f5ff2d4746c29e082d612daca7f1b423a5c9303f1de3ee38fa972de7e26493
    • SHA512: 45cd70c58a4ae5cf0c9cb7963972a7bd8c655b3c44fbd5d8aba7d928ee0838f4e87ea69a09c2c31079300faa3f516009e23a9d6fa367f1998837c90ce885b5c4

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15