Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7532581aec1443042cf37528b841dd62665744f791bb3d6b71afa0c7fd50396a

  • Size

    375KB

  • Sample

    221011-e11blsefck

  • MD5

    8460d9d7782da7018f8ce6a59c86f0b2

  • SHA1

    447e4d09423e60b6a797f34e757f6c880226c0f5

  • SHA256

    7532581aec1443042cf37528b841dd62665744f791bb3d6b71afa0c7fd50396a

  • SHA512

    227ce1574dca01932e1211163db9b8689b2604fcd624c66c13ec78f00af1f32d460ba7f0ff772e91a0115387b50255367b022f66d4716e2e9119e4e1d951a4b6

  • SSDEEP

    6144:Sv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:S4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10
gh0stratratupx

Malware Config

Targets

    • Target

      7532581aec1443042cf37528b841dd62665744f791bb3d6b71afa0c7fd50396a

    • Size

      375KB

    • MD5

      8460d9d7782da7018f8ce6a59c86f0b2

    • SHA1

      447e4d09423e60b6a797f34e757f6c880226c0f5

    • SHA256

      7532581aec1443042cf37528b841dd62665744f791bb3d6b71afa0c7fd50396a

    • SHA512

      227ce1574dca01932e1211163db9b8689b2604fcd624c66c13ec78f00af1f32d460ba7f0ff772e91a0115387b50255367b022f66d4716e2e9119e4e1d951a4b6

    • SSDEEP

      6144:Sv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:S4VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    gh0stratratupx

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks