General

  • Target

    821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2

  • Size

    113KB

  • Sample

    221106-rthjfafcd6

  • MD5

    0f8750b44e7ac7abf22b3649f8fcaca9

  • SHA1

    95d6f00feab3da4c7d334b1974401d972afdcecc

  • SHA256

    821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2

  • SHA512

    d66916764ced513f8f309f1678e0f988c6fe6ba41bb0a3133d1404bbecce67495f801f76317cc507c9fdc226bab378840f85588ed4ecc1662473c38d05ffa87a

  • SSDEEP

    3072:t7Q8mB+lZ6RUj3g1xjnihO0BmQSiDQGCBTwXDoL:t7Q8uZ+j3y1i0/9iDdCBEXDoL

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
