Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4d4bbcfc2687bab3270b8d5bcb52708ac64952e73c5890fc58cf244194f93010

  • Size

    375KB

  • Sample

    221007-smzd2scgc6

  • MD5

    915ad9039e7c2d790357ff8eb186c6d7

  • SHA1

    b1eb5730bc31bda44f07b5539dadb7ed0c417c85

  • SHA256

    4d4bbcfc2687bab3270b8d5bcb52708ac64952e73c5890fc58cf244194f93010

  • SHA512

    35498d28c90596a4f546027216d9745753df1aa3852e49cdddc795247959df23c04792da782cbeb7748ad1d446dcfdfa9acfe6f93a4ba7c3b08b726ae085dec8

  • SSDEEP

    6144:Cv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:C4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Target

      4d4bbcfc2687bab3270b8d5bcb52708ac64952e73c5890fc58cf244194f93010

    • Size

      375KB

    • MD5

      915ad9039e7c2d790357ff8eb186c6d7

    • SHA1

      b1eb5730bc31bda44f07b5539dadb7ed0c417c85

    • SHA256

      4d4bbcfc2687bab3270b8d5bcb52708ac64952e73c5890fc58cf244194f93010

    • SHA512

      35498d28c90596a4f546027216d9745753df1aa3852e49cdddc795247959df23c04792da782cbeb7748ad1d446dcfdfa9acfe6f93a4ba7c3b08b726ae085dec8

    • SSDEEP

      6144:Cv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:C4VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks