Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ea000ad8d1b15a0063731eba16803c2aac02a90676f0c4c5408cab2fcd5f783a

  • Size

    375KB

  • Sample

    220916-megw5sbagp

  • MD5

    d7c450a049507ca6f5659e0d0d69a633

  • SHA1

    fcef2aa5a985f5d462b7e3f05cc27be957f400bf

  • SHA256

    ea000ad8d1b15a0063731eba16803c2aac02a90676f0c4c5408cab2fcd5f783a

  • SHA512

    6be3911a027513b42ffa787e89bfa46bd1826a8cbe32901a52e929c5e54ed2a5116ab661501930884532f9ec7bef240d52b470ef2aefdfca5143ac40ea81a7c0

  • SSDEEP

    6144:Cv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:C4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Target

      ea000ad8d1b15a0063731eba16803c2aac02a90676f0c4c5408cab2fcd5f783a

    • Size

      375KB

    • MD5

      d7c450a049507ca6f5659e0d0d69a633

    • SHA1

      fcef2aa5a985f5d462b7e3f05cc27be957f400bf

    • SHA256

      ea000ad8d1b15a0063731eba16803c2aac02a90676f0c4c5408cab2fcd5f783a

    • SHA512

      6be3911a027513b42ffa787e89bfa46bd1826a8cbe32901a52e929c5e54ed2a5116ab661501930884532f9ec7bef240d52b470ef2aefdfca5143ac40ea81a7c0

    • SSDEEP

      6144:Cv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:C4VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks