General

  • Target

    36920c29062d70a7fc85d8446bbc8bd8.rar

  • Size

    993KB

  • Sample

    250311-rp4wwawvfs

  • MD5

    36920c29062d70a7fc85d8446bbc8bd8

  • SHA1

    41b4e6fc518286d97473df52034ae78f7c15d324

  • SHA256

    8aae3b1439dec6b0dc891effb2152daf27d9639cb26b0ccf03b51a5820c92b70

  • SHA512

    831b3ba273cd85f2ff66900ad7fc5b8cb290864be0cef39ced357d2deccb864f1cd759535ae2595920aed35999b418159105e4b413423a5f93f0bbb1fd59c16b

  • SSDEEP

    24576:bYPgXexwivd5dFjrekqPCdYlKwHfm7NltzPJ:b8eibdFWbCm3m5l9PJ

Malware Config

Extracted

Family

asyncrat

Version

SapphireRAT v3.2.0

C2

iafinitd18jw3jdvhy4nhv.duckdns.org:15348

iafinitd18jw3jdvhy4nhv.duckdns.org:35981

iafinitd18jw3jdvhy4nhv.duckdns.org:42369

Mutex

cpyzzyzerqwbqvpuh

Attributes
  • delay

    1

  • install

    false

  • install_file

    %File%

  • install_folder

    %Folder%

aes.plain

Targets

    • Target

      Doc_16811806711348617673558987317572681097380136281.exe

    • Size

      1.1MB

    • MD5

      f5c33c21056d3ef62172fc876faad063

    • SHA1

      fb56e9043f19afdf49c61063ba30fe0ad72daf07

    • SHA256

      655c37dadba41474eb3447ff8b23e064e760013e7c84503f9eb25d21f8bd3ec3

    • SHA512

      aa29db436c336847d04b7317a1d8a4cd5c8335db1d2235fb3bb685a7907fcdd8cec8eca8f2818bdc8e1e61c5bf265978e692ffeef766a962a9b7406447afd3c6

    • SSDEEP

      24576:PMjhbhcgdHRQp+DKjHfEhZQntmXft63I3i43eOooZw:CpeuHhZ7Q3q1Zw

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to execute the payload.

    • Target

      Doc_16811806711348617673558987317572681097380136281.exe

    • Size

      1.1MB

    • MD5

      f5c33c21056d3ef62172fc876faad063

    • SHA1

      fb56e9043f19afdf49c61063ba30fe0ad72daf07

    • SHA256

      655c37dadba41474eb3447ff8b23e064e760013e7c84503f9eb25d21f8bd3ec3

    • SHA512

      aa29db436c336847d04b7317a1d8a4cd5c8335db1d2235fb3bb685a7907fcdd8cec8eca8f2818bdc8e1e61c5bf265978e692ffeef766a962a9b7406447afd3c6

    • SSDEEP

      24576:PMjhbhcgdHRQp+DKjHfEhZQntmXft63I3i43eOooZw:CpeuHhZ7Q3q1Zw

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks