
General

  • Target

    JaffaCakes118_4178938ee85e14e923ce16fb97df87ee4a66f2dd89ebbaeac9754c8f1864ab77

  • Size

    1KB

  • Sample

    241229-q1mlassqbr

  • MD5

    4f2e59981aaca522affb6006bd753ddc

  • SHA1

    9af5a82d5a62c840c0e1c073fd88c338b869831e

  • SHA256

    4178938ee85e14e923ce16fb97df87ee4a66f2dd89ebbaeac9754c8f1864ab77

  • SHA512

    b3cfde39c9ad6e088a9c36cf71d7df6e67bbc9156e4944bf39384db6e0f95e549940c23a3b8efc01b3c29cc43ada914122de1b7f4013b3f65a7477f4cd466b25

Malware Config

Extracted (PowerShell dropper)

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://www.boschtransport.co.za/wp-includes/.Final.txt

Extracted (AsyncRAT)

  • Family

    asyncrat

  • Version

    | Edit 3LOSH RAT

  • Botnet

    NewB3saaa

  • C2

    moneios.linkpc.net:2222

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      GVTCXYI83010.vbs

    • Size

      844B

    • MD5

      1414060f446d9dc216c622be120be514

    • SHA1

      0f1ce25ce0451fdc55636346271bf09054e00fc0

    • SHA256

      f43970ba4414ecdfe5d42fccb69528917e2fe58dbe684a009c455b1cfacfcb23

    • SHA512

      2e340e98b733cfbef8b671263e3ebb0dafabefa97594ef3e3f59ee406a97075322ba411c5fa6d988e3e892b1bd5b582b4a66f2bce8978d5635b6c7334bdeb11e

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command interpreter.

    • Suspicious use of SetThreadContext
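The extracted config above (dropper URL, C2 host and port, mutex) and the behavioural signatures (script interpreter handing off to PowerShell, a blocklisted process making a network request) are what a responder turns into hunting logic. The script below is an added example, not part of the Triage report or of any Triage tooling: the IOC values are copied from this report, while the Sysmon-like field names (Image, ParentImage, CommandLine, Hashes, DestinationHostname, QueryName), the EDR-style "mutex" and "file_write" event types, and the wscript.exe -> powershell.exe parent/child chain are assumptions made so that it runs offline over constructed telemetry.

```python
"""Hunting checks built from the report's extracted config and behavioural
signatures.  Added example, not part of the Triage report: the IOC values are
the report's; the Sysmon-like field names, the EDR-style "mutex"/"file_write"
events and the wscript.exe -> powershell.exe parent/child chain are assumptions."""
from urllib.parse import urlparse

# IOCs copied from the "Malware Config" section of the report.
DROPPER_URL = "https://www.boschtransport.co.za/wp-includes/.Final.txt"
DROPPER_HOST = urlparse(DROPPER_URL).hostname  # www.boschtransport.co.za
C2_HOST, C2_PORT = "moneios.linkpc.net", 2222
MUTEX = "AsyncMutex_6SI8OkPnk"
SAMPLE_SHA256 = {
    "4178938ee85e14e923ce16fb97df87ee4a66f2dd89ebbaeac9754c8f1864ab77",  # ps1 dropper
    "f43970ba4414ecdfe5d42fccb69528917e2fe58dbe684a009c455b1cfacfcb23",  # GVTCXYI83010.vbs
}
# Assumed script hosts for a .vbs and the interpreters they would hand off to.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def _sha256_from_hashes(hashes):
    """Pull the SHA256 out of a Sysmon-style 'MD5=..,SHA256=..' string (lower-cased), else None."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def check_event(ev):
    """Return the names of every IOC or behaviour a single event matches."""
    hits = []
    if _sha256_from_hashes(ev.get("Hashes", "")) in SAMPLE_SHA256:
        hits.append("known_sample_hash")
    kind = ev.get("type")
    if kind == "process_create":
        image, parent = _basename(ev.get("Image", "")), _basename(ev.get("ParentImage", ""))
        if parent in SCRIPT_HOSTS and image in POWERSHELL:
            hits.append("script_host_spawns_powershell")
        if DROPPER_URL.lower() in ev.get("CommandLine", "").lower():
            hits.append("dropper_url_in_cmdline")
    elif kind == "network_connect":
        image = _basename(ev.get("Image", ""))
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        port = int(ev.get("DestinationPort", 0))
        if host == C2_HOST and port == C2_PORT:  # require host AND port; the port alone is too weak
            hits.append("asyncrat_c2")
        if host == DROPPER_HOST and image in POWERSHELL:  # "Blocklisted process makes network request"
            hits.append("powershell_fetches_dropper")
    elif kind == "dns_query":
        name = ev.get("QueryName", "").lower().rstrip(".")
        if name == C2_HOST:
            hits.append("asyncrat_c2_dns")
        elif name == DROPPER_HOST:
            hits.append("dropper_host_dns")
    elif kind == "mutex" and ev.get("Name") == MUTEX:
        hits.append("asyncrat_mutex")
    return hits


def hunt(events):
    """Map event index -> hits for every event that matched at least one check."""
    return {i: h for i, ev in enumerate(events) if (h := check_event(ev))}


# Constructed telemetry (not from the report) following the reported chain:
# .vbs written -> script host -> powershell.exe -> .Final.txt fetched -> AsyncRAT beacons.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "file_write", "TargetFilename": r"C:\Users\u\Downloads\GVTCXYI83010.vbs",
     "Hashes": "MD5=1414060F446D9DC216C622BE120BE514,"
               "SHA256=F43970BA4414ECDFE5D42FCCB69528917E2FE58DBE684A009C455B1CFACFCB23"},
    {"type": "process_create", "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": r'wscript.exe "GVTCXYI83010.vbs"'},
    {"type": "process_create", "Image": PS, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": "powershell.exe -w hidden"},
    {"type": "network_connect", "Image": PS,
     "DestinationHostname": "www.boschtransport.co.za", "DestinationPort": "443"},
    {"type": "dns_query", "Image": PS, "QueryName": "moneios.linkpc.net"},
    {"type": "network_connect", "Image": PS,
     "DestinationHostname": "moneios.linkpc.net", "DestinationPort": "2222"},
    {"type": "mutex", "Image": PS, "Name": "AsyncMutex_6SI8OkPnk"},
    {"type": "network_connect", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": "443"},  # benign control
]

if __name__ == "__main__":
    for idx, names in hunt(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(names)}")
```

Two caveats follow from the config itself. With install set to false the RAT does not copy itself into install_folder (%AppData%) or set up persistence, so file-path IOCs derived from that field are weak here; the C2 host:port, the mutex name and the script-host-to-PowerShell chain carry more weight, and the SetThreadContext signature points to the payload running in memory rather than from a dropped file. The dropper URL on a compromised WordPress host (a hidden dot-file under wp-includes) is also short-lived, so treat the domain as an indicator of the campaign rather than of the tool.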

MITRE ATT&CK Enterprise v15

Tasks