Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

lossless scaling.zip

windows10-ltsc 2021-x64

10

lossless scaling.iso

windows10-ltsc 2021-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lossless scaling.zip

  • Size

    5.5MB

  • Sample

    250312-w9r52a1ky4

  • MD5

    8439fcb6dfe70834b193f52b5cd056e4

  • SHA1

    18c658942ba545fd410984b71adda910fec86bf0

  • SHA256

    04869aaff400d7e78a3f5af6e7d4cf6ea110b3aa1a670d266e3c770602a42183

  • SHA512

    9b5b1c6870963cbd2c3d5908a308e2a4d4064834c78719d29b46c10fff33413802e009867d98227cb1bd761eeadd626e7663780e760ff600e45c6f523b23aff7

  • SSDEEP

    98304:QUhCUV0ypL3vXp8fZhUCh8wYIu2XJ9VfDpadS+fi3bIhiN9JafudOpp:2eRuhUu8wYIBHVfb3bI4Z1dOH

Score
10/10
asyncratdefaultdefense_evasiondiscoveryexecutionrattrojan

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

C2

nams.ddnsfree.com:409

aliomar.ooguy.com:409
Mutex

MaterxMutex_Egypt409

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      lossless scaling.zip

    • Size

      5.5MB

    • MD5

      8439fcb6dfe70834b193f52b5cd056e4

    • SHA1

      18c658942ba545fd410984b71adda910fec86bf0

    • SHA256

      04869aaff400d7e78a3f5af6e7d4cf6ea110b3aa1a670d266e3c770602a42183

    • SHA512

      9b5b1c6870963cbd2c3d5908a308e2a4d4064834c78719d29b46c10fff33413802e009867d98227cb1bd761eeadd626e7663780e760ff600e45c6f523b23aff7

    • SSDEEP

      98304:QUhCUV0ypL3vXp8fZhUCh8wYIu2XJ9VfDpadS+fi3bIhiN9JafudOpp:2eRuhUu8wYIBHVfb3bI4Z1dOH

    Score
    10/10
    asyncratdefaultdefense_evasiondiscoveryexecutionrattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • UAC bypass

      defense_evasiontrojan

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      lossless scaling.iso

    • Size

      14.4MB

    • MD5

      69a20b39947fa46663f185e038253efe

    • SHA1

      fd2dfd30f72224a3cb609139556c506e4ef25963

    • SHA256

      858e44e3af2138af24251a7dcaab783c64c828c4a28bc0ecd9a86b5416747a88

    • SHA512

      f8d854600de3307f6950b4c0ea28e3de8695a0ed8acb7f279ff60574a52882b736617cd34afc88f202e1d2c946c05c388311b1d9a705f66e0faff349ace60df0

    • SSDEEP

      98304:R3owNIxQNfbs8jsGBVdR5vZjUV+XXoYUZdIxQN3bs8jsGBVdR5vZjUV+XXoYUZ:RyQNjs8j9B3v1FXXPQNLs8j9B3v1FXX

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks