General

  • Target

    e1691bda323c46c3dd3926b242861fb88452191742395365c48c38a454da916b

  • Size

    156KB

  • Sample

    221011-tca45scee3

  • MD5

    638d922d3a1acb3756dda409b8b50700

  • SHA1

    6c416852f4c750931281b76fa6e69a9996da7882

  • SHA256

    e1691bda323c46c3dd3926b242861fb88452191742395365c48c38a454da916b

  • SHA512

    a5e400a843be5b102be00a5fb30f96970d7b18f2f2259fadd2c6e721461ceacd0239737f05bfae6348887d03e5c81f89505e28cd75d09e5c6240607acb325d6a

  • SSDEEP

    3072:dVZd5rnmoWOQrkdJv5hMFULTvtcMk8Lyji8lkivl05Kui+ITqn:dXd5rmoWOQsJRG4GMkSQi8Tvl05KuDIk

Malware Config

Targets

    • Target

      e1691bda323c46c3dd3926b242861fb88452191742395365c48c38a454da916b

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks