General

  • Target

    JaffaCakes118_30ad125e0d178551fc09fcc0f0fd6c196536f2118e0ea8689f5719f4d4e23b9f

  • Size

    178KB

  • Sample

    241229-mn4r9szjhq

  • MD5

    dccfb0cb9b3f0be19c7b1a3c036483ab

  • SHA1

    36957094efec97c62daee395da7cd91c8d6c0bf9

  • SHA256

    30ad125e0d178551fc09fcc0f0fd6c196536f2118e0ea8689f5719f4d4e23b9f

  • SHA512

    8ace757350b1c515d891d74fad024e7b9359710ae1b57ffd9d4e01d5fa2f3f63c1e33c868bbb40d94704f61ef3038a4c5a020164a68328475fc482be5a5dc416

  • SSDEEP

    3072:oFvP/bNaHXg6PfWqSUdedrnmwDr06BUgUG2DSBNmJ4DQmjIEvhWUgEPKIjJJ/z7B:oF3/cXr3WqkdSQ0KZhHm2DQIIEZWgBDJ

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    26/4/22

  • C2

    znets.ddns.net:2000

    dnets.ddns.net:2000

  • Mutex

    mgjgjfugfrabywe7retren89i><LPO((*&*UJjiM8yn&&*N89I)(

Attributes
  • delay

    3

  • install

    false

  • install_file

    Windows Utility Essentials.exe

  • install_folder

    %AppData%

  • aes.plain

    2orYbTaylhLwgAdW759LDCIGvbFwgMlY

Targets

    • Target

      b899fc7141b866552940b6ee0f8ab0d214a05c8338906fd85fae67c507d652bb

    • Size

      481KB

    • MD5

      3bcf40a5ad0db3f29f3c6243a923e277

    • SHA1

      5a500389d073311b3decc47819c19dd7faf56abb

    • SHA256

      b899fc7141b866552940b6ee0f8ab0d214a05c8338906fd85fae67c507d652bb

    • SHA512

      45ffa4c66672403220f96b58dc4bc6ac361aff38e8bb14743c63ab52659229d186a36181b7b396b024648f1f2bc54a67ca7224f1fe17cb2a4ad04d5986d78d9a

    • SSDEEP

      6144:csFDZUi1H8vzgMU+duPOyxzWtrboPZXBR+IhQaTb5Jz/:nlH8vzgL8QJxzWqRXBR

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
