Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d47a641a7b...23.exe

windows7-x64

10

d47a641a7b...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d47a641a7ba541f1431a68a6bbcb7b0246efd1adbb0ba3341fce2ce713d70523

  • Size

    168KB

  • Sample

    221107-tdrtaaghgm

  • MD5

    0da30e92f7dd8cc6ad3c35f77a0caa80

  • SHA1

    64a6be72141295cdd8ecacf0f4513328e45bab58

  • SHA256

    d47a641a7ba541f1431a68a6bbcb7b0246efd1adbb0ba3341fce2ce713d70523

  • SHA512

    0ce91ffd1ae6fd9a2472b177388c85798ccfe8e5483e99ab862b84d51d4ce41f6d40e2b3d88e6d33cec4e8aea1280ead2b71be7e042f42ae6dd288e03bade8d1

  • SSDEEP

    3072:a55WhN9npi8X7+0rbaemqKKgrkF0tIjnK0LHB8BwXc4+4uFXBfOJ4lQHwmj3yadX:a55WzZX7+0rb1mq+lIj3LHmBwXcxfXFY

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      d47a641a7ba541f1431a68a6bbcb7b0246efd1adbb0ba3341fce2ce713d70523

    • Size

      168KB

    • MD5

      0da30e92f7dd8cc6ad3c35f77a0caa80

    • SHA1

      64a6be72141295cdd8ecacf0f4513328e45bab58

    • SHA256

      d47a641a7ba541f1431a68a6bbcb7b0246efd1adbb0ba3341fce2ce713d70523

    • SHA512

      0ce91ffd1ae6fd9a2472b177388c85798ccfe8e5483e99ab862b84d51d4ce41f6d40e2b3d88e6d33cec4e8aea1280ead2b71be7e042f42ae6dd288e03bade8d1

    • SSDEEP

      3072:a55WhN9npi8X7+0rbaemqKKgrkF0tIjnK0LHB8BwXc4+4uFXBfOJ4lQHwmj3yadX:a55WzZX7+0rb1mq+lIj3LHmBwXcxfXFY

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks