Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ccf989ed46...e0.exe

windows7-x64

10

ccf989ed46...e0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ccf989ed46b37a95539e639d7d48202498f8fe1401e11e6190d3e4a124e255e0

  • Size

    168KB

  • Sample

    221128-bty87ahh4y

  • MD5

    6fab44045e90ca4673c331bfd84f0ee9

  • SHA1

    b9c5991228e3870266d0a7a7741734ad4f026ce5

  • SHA256

    ccf989ed46b37a95539e639d7d48202498f8fe1401e11e6190d3e4a124e255e0

  • SHA512

    05c75c864730a387646123210aeb359845c01219981d1a69958f886d9931a8e240ae1c05e3f72175549e84204e8758b789bb1ff3575da58b73c326bc2e858024

  • SSDEEP

    3072:a55WhN9npi8X7+0rbaemqKKgrkF0tIjnK0LHB8BwXc4+4uFXBfOJ4lQHwmj3ypdX:a55WzZX7+0rb1mq+lIj3LHmBwXcxfXFP

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      ccf989ed46b37a95539e639d7d48202498f8fe1401e11e6190d3e4a124e255e0

    • Size

      168KB

    • MD5

      6fab44045e90ca4673c331bfd84f0ee9

    • SHA1

      b9c5991228e3870266d0a7a7741734ad4f026ce5

    • SHA256

      ccf989ed46b37a95539e639d7d48202498f8fe1401e11e6190d3e4a124e255e0

    • SHA512

      05c75c864730a387646123210aeb359845c01219981d1a69958f886d9931a8e240ae1c05e3f72175549e84204e8758b789bb1ff3575da58b73c326bc2e858024

    • SSDEEP

      3072:a55WhN9npi8X7+0rbaemqKKgrkF0tIjnK0LHB8BwXc4+4uFXBfOJ4lQHwmj3ypdX:a55WzZX7+0rb1mq+lIj3LHmBwXcxfXFP

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks