Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4

  • Size

    375KB

  • Sample

    220910-tbkbeseadr

  • MD5

    f7eaf22e0cd4d9cf78a36a46aec1a9ba

  • SHA1

    3a0f1375f6eee9a29a12307245aae278213cfdd2

  • SHA256

    b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4

  • SHA512

    fcd9fe389d429ae5af4b81ddeef2bbb74099f3f9020f916dc32fd91a55020029062e7a3b92d73e007fc6063de95cdc45b54ccf01c66325690f5900bd9133098f

  • SSDEEP

    6144:9v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:94VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Target

      b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4

    • Size

      375KB

    • MD5

      f7eaf22e0cd4d9cf78a36a46aec1a9ba

    • SHA1

      3a0f1375f6eee9a29a12307245aae278213cfdd2

    • SHA256

      b002b4dde8cf0072ea57106ec5cf5cfcfb609bc402110aad3fe81932a0b11ea4

    • SHA512

      fcd9fe389d429ae5af4b81ddeef2bbb74099f3f9020f916dc32fd91a55020029062e7a3b92d73e007fc6063de95cdc45b54ccf01c66325690f5900bd9133098f

    • SSDEEP

      6144:9v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:94VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks