Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

576a0d5ceb...6c.exe

windows7-x64

10

576a0d5ceb...6c.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    576a0d5ceb8a47a8cd52c0e6859e807d6581820ae5115fb10da518d4cead256c

  • Size

    25.3MB

  • Sample

    221124-mn12dagg67

  • MD5

    8bce4d0f0f0d336ef711b774091637b9

  • SHA1

    5480ad9609ea0b193b4ca5c7ef633013fe9ea009

  • SHA256

    576a0d5ceb8a47a8cd52c0e6859e807d6581820ae5115fb10da518d4cead256c

  • SHA512

    7fc25c944c68455846b958e7010ed28ed116756a439a23f2d7a0799938aed160b078fb153b159590182b05ca94abf1abd268b6e5e802475864062e563adc5b50

  • SSDEEP

    393216:bW1zhnofHqTFL3rqHeauEZdq3YxjrSB6Pvd1rCEd+z68VDn9r2zCyhBUeDjC+:a1z6fKTFGeXEfJHzna2zCynl/J

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      576a0d5ceb8a47a8cd52c0e6859e807d6581820ae5115fb10da518d4cead256c

    • Size

      25.3MB

    • MD5

      8bce4d0f0f0d336ef711b774091637b9

    • SHA1

      5480ad9609ea0b193b4ca5c7ef633013fe9ea009

    • SHA256

      576a0d5ceb8a47a8cd52c0e6859e807d6581820ae5115fb10da518d4cead256c

    • SHA512

      7fc25c944c68455846b958e7010ed28ed116756a439a23f2d7a0799938aed160b078fb153b159590182b05ca94abf1abd268b6e5e802475864062e563adc5b50

    • SSDEEP

      393216:bW1zhnofHqTFL3rqHeauEZdq3YxjrSB6Pvd1rCEd+z68VDn9r2zCyhBUeDjC+:a1z6fKTFGeXEfJHzna2zCynl/J

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks