Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1f66dca8a4d3274b2ed67e1c54b0b92b778c782b37b873455146b3f7f0dace54
-
Size
375KB
-
Sample
221007-l8rsrscdam
-
MD5
4a4ec92008973d2f90d9daa736a11cff
-
SHA1
823b8b124ea5184b2563a4c2aee148782211ca17
-
SHA256
1f66dca8a4d3274b2ed67e1c54b0b92b778c782b37b873455146b3f7f0dace54
-
SHA512
ea24a8dd88345e75a22279442637d58ef764a3d062139f952bf0cc73286f6d9b736314b3c66fa7ae7f5349b1b83ee4744ee3f734096e53fa88da7c1ed07976a6
-
SSDEEP
6144:mv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:m4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
1f66dca8a4d3274b2ed67e1c54b0b92b778c782b37b873455146b3f7f0dace54
-
Size
375KB
-
MD5
4a4ec92008973d2f90d9daa736a11cff
-
SHA1
823b8b124ea5184b2563a4c2aee148782211ca17
-
SHA256
1f66dca8a4d3274b2ed67e1c54b0b92b778c782b37b873455146b3f7f0dace54
-
SHA512
ea24a8dd88345e75a22279442637d58ef764a3d062139f952bf0cc73286f6d9b736314b3c66fa7ae7f5349b1b83ee4744ee3f734096e53fa88da7c1ed07976a6
-
SSDEEP
6144:mv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:m4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-