Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4
-
Size
375KB
-
Sample
220910-tbkbeseadr
-
MD5
f7eaf22e0cd4d9cf78a36a46aec1a9ba
-
SHA1
3a0f1375f6eee9a29a12307245aae278213cfdd2
-
SHA256
b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4
-
SHA512
fcd9fe389d429ae5af4b81ddeef2bbb74099f3f9020f916dc32fd91a55020029062e7a3b92d73e007fc6063de95cdc45b54ccf01c66325690f5900bd9133098f
-
SSDEEP
6144:9v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:94VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4
-
Size
375KB
-
MD5
f7eaf22e0cd4d9cf78a36a46aec1a9ba
-
SHA1
3a0f1375f6eee9a29a12307245aae278213cfdd2
-
SHA256
b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4
-
SHA512
fcd9fe389d429ae5af4b81ddeef2bbb74099f3f9020f916dc32fd91a55020029062e7a3b92d73e007fc6063de95cdc45b54ccf01c66325690f5900bd9133098f
-
SSDEEP
6144:9v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:94VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-