General

  • Target

    75675bd7a0128edbde98a898306f88c00b25e1b6d2f7b7ae090c87240197fcac

  • Size

    106KB

  • Sample

    221003-rndy3aaghl

  • MD5

    618dbca37462a4191d5f01fdce385630

  • SHA1

    2c45c955f4933a27e1b625ac0250daa0e1d016f8

  • SHA256

    75675bd7a0128edbde98a898306f88c00b25e1b6d2f7b7ae090c87240197fcac

  • SHA512

    947aa33cd975c10a0ea920a1c95319a82ba43a81b3b842e70fe1821847880ee222441877da63cd4ea6c9cdce573443a7d58494346e4e83695c1162436bf05d5a

  • SSDEEP

    3072:46JR+uNAEaC3KtYlG4tOLjnUKfBjzLcu+SRokqWQz:4gZNATdYlG4AnU2vrPQ

Targets

    • Target

      75675bd7a0128edbde98a898306f88c00b25e1b6d2f7b7ae090c87240197fcac

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory
