General

  • Target

    1f66dca8a4d3274b2ed67e1c54b0b92b778c782b37b873455146b3f7f0dace54

  • Size

    375KB

  • Sample

    221007-l8rsrscdam

  • MD5

    4a4ec92008973d2f90d9daa736a11cff

  • SHA1

    823b8b124ea5184b2563a4c2aee148782211ca17

  • SHA256

    1f66dca8a4d3274b2ed67e1c54b0b92b778c782b37b873455146b3f7f0dace54

  • SHA512

    ea24a8dd88345e75a22279442637d58ef764a3d062139f952bf0cc73286f6d9b736314b3c66fa7ae7f5349b1b83ee4744ee3f734096e53fa88da7c1ed07976a6

  • SSDEEP

    6144:mv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:m4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
