General
Target: JaffaCakes118_4178938ee85e14e923ce16fb97df87ee4a66f2dd89ebbaeac9754c8f1864ab77
Size: 1KB
Sample: 241229-q1mlassqbr
MD5: 4f2e59981aaca522affb6006bd753ddc
SHA1: 9af5a82d5a62c840c0e1c073fd88c338b869831e
SHA256: 4178938ee85e14e923ce16fb97df87ee4a66f2dd89ebbaeac9754c8f1864ab77
SHA512: b3cfde39c9ad6e088a9c36cf71d7df6e67bbc9156e4944bf39384db6e0f95e549940c23a3b8efc01b3c29cc43ada914122de1b7f4013b3f65a7477f4cd466b25
Static task: static1
Behavioral task: behavioral1
Sample: GVTCXYI83010.vbs
Resource: win7-20240708-en
Malware Config
Extracted
https://www.boschtransport.co.za/wp-includes/.Final.txt
Extracted
asyncrat
| Edit 3LOSH RAT
NewB3saaa
moneios.linkpc.net:2222
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: GVTCXYI83010.vbs
Size: 844B
MD5: 1414060f446d9dc216c622be120be514
SHA1: 0f1ce25ce0451fdc55636346271bf09054e00fc0
SHA256: f43970ba4414ecdfe5d42fccb69528917e2fe58dbe684a009c455b1cfacfcb23
SHA512: 2e340e98b733cfbef8b671263e3ebb0dafabefa97594ef3e3f59ee406a97075322ba411c5fa6d988e3e892b1bd5b582b4a66f2bce8978d5635b6c7334bdeb11e
Asyncrat family
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext