General

  • Target

    d727cd73d813a46f594eb4178572889d7fa90b3e6fff53c6139573811854881a

  • Size

    311KB

  • Sample

    221028-yks25sdebl

  • MD5

    0bcdbfdc66ce046ab767dad307077ce0

  • SHA1

    00c91667408c4540223fb4e867b6212ccdf91151

  • SHA256

    d727cd73d813a46f594eb4178572889d7fa90b3e6fff53c6139573811854881a

  • SHA512

    0e9a523c6684dbe4133d27045d30223cd1299e6fff6d36a128b09d208f9477eb19464064296c01113e0b363e4a076643502cf6f0ca933af3aa09ac054397f2e1

  • SSDEEP

    6144:lZMDl+rVwlMu9O2Q72iWTzAt2t3NYXtzAbxWpfO:lZm+rVwH9+SXAt2/xWpfO

Targets

    • Target

      d727cd73d813a46f594eb4178572889d7fa90b3e6fff53c6139573811854881a

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
