General

  • Target: ccdec18403c4454e607c277a8280d4a6cbf5534b5d972451f31d7cc62a15ae84
  • Size: 614KB
  • Sample: 221129-rz8ykscb5y
  • MD5: 80a2690436c0b066df3f7e07c0306334
  • SHA1: 5b6e5884e4d4f54469203b1c1e6897728679beba
  • SHA256: ccdec18403c4454e607c277a8280d4a6cbf5534b5d972451f31d7cc62a15ae84
  • SHA512: a5b8b7b62810b4e4fe06bc8d6b5d120355cde15a8b887fc0760f0c6d60d653d1aa50c8c952eef078b344ae873af4173a05105feff9640f83341b67276dceb53b
  • SSDEEP: 12288:df5Xp6W+S8Zfr5Ngzsm30avwhWKY+VuRsoAI3EfIewPDPR:F5h6z52smkGX+V9BITZ

Targets

    • Target: Coder.exe
    • Size: 20KB
    • MD5: a9303341fff52f287ce625b0e9e9c5bf
    • SHA1: bacb86ab09db8916914be67547d653f1e5a470c6
    • SHA256: 1b7982a43ae4a9e6d23db7f19d0b0fc193c0880452ce2d6172f65bc5610f2c7c
    • SHA512: 2a160e66a8689d856ca8a48569bdd2959209e3d8b49f4099f98026c0690d828e06c3731b5147435a3f1851604ef73308ccfc7cc81fb01b66a6e0648ae3084620
    • SSDEEP: 384:BvLLZy/0K27T/kTvmj0ndF7uZMRNjUlW5YptYIRlhZjM28wrw:9xC0KoTsTvmj0voMbjlORlhZjd8wrw
    • Score: 1/10

    • Target: Ghost[1].cpl
    • Size: 9KB
    • MD5: f0b889b7244f189be6f18e8e79849e75
    • SHA1: 160ed14e3761cf7a986985edc6c1f11fa1b49dee
    • SHA256: 53a02caca604bc0b6fa47e6813cb760208a74d23ba9e35091c50e51580635633
    • SHA512: d980800eb6c8ed1eaa96f7d652386758b9db7a257c61401f1e60c167fc6b600ea9a4d154f731015193717e37745ce949ba39fe4fa4dd8ff34b7b827a4d4bc208
    • SSDEEP: 192:kNjcZwldZdU46SdNtl+m4S9mvSCZmYh7uqf1rQhIlcDMxpo2EJ1IMynMJv01qkTK:JwZdu0zl+mn9mqCZmYh79f1rQhIlcD+E
    • Score: 1/10

    • Target: Ghost[2].cpl
    • Size: 7KB
    • MD5: 0eec7d119752a6b54aaf0e112a54435b
    • SHA1: abc9574febfd25496fa8c96b02b0ca84e8e0c74e
    • SHA256: a4620b97f9dc5a2a0f8eba1d29e5df9f16f858058b734c6bcfc5fe8fcb96a4cd
    • SHA512: 260f4a83ae116c2f793e47ef12d677501a9fac417e13de30e76b0ff8787072a8a11d9b4afad27c02c95b50228ec8176fb50632902af0d25b475a3444f3f252fa
    • SSDEEP: 192:G21U11eI9vDG2ItnfOXP+JbCvj+hx5XJWOoyb/QTUWAclPP:GOUPOXb/QTUWAclPP
    • Score: 1/10

    • Target: Ghost[3].cpl
    • Size: 1KB
    • MD5: 4bbf3cf4b9878143d3140000bc623866
    • SHA1: 84ff6a945bd887c0aa4dd0d13ba618eb95c97d7f
    • SHA256: 087fd3bcd5656d1e682c5bf79a6879a8d93b8bea4d6769e4a1ec81bce4173528
    • SHA512: 6aca45691f7e34fe8f1123455a60385ea32290af0ee2377c9b153a4133b8164c8a2d7efb3d5d47ced57adddb9c473a5113e35e2761921852893d0a2730bb5289
    • Score: 1/10

    • Target: Ghost[4].cpl
    • Size: 3KB
    • MD5: ac74452ab23f6610beefde30e9f4634d
    • SHA1: 09a8fba437099f044032386e79584ca1358aca6a
    • SHA256: ff6412040a5a33c486f1bd267281df14f2056931548150b7dfe2564c32c3f264
    • SHA512: f726aad29358b9c489ae2ec5d0cc8effb2bc6000d0c87e1a197542c0c98104a52e7aaa56b9d514c51996934f2488ce0668372bb9320ac6de1bc8ff2025df6fd6
    • Score: 1/10

    • Target: Ghost[5].cpl
    • Size: 1KB
    • MD5: 7b1ab2c7b5811eebf10c469531bd8248
    • SHA1: b34e2c7a743ec674a282fe20488e6b08ef6fcdc5
    • SHA256: 85bac8a327249cc9e4e7d49b2a92a115c4b985d2ce8db1f14abb702c59e28ebd
    • SHA512: 7cfd555416cdb9f31580596b088b89e84255e65fe9f9b549556ed34a221dfce24b42c7f80b3f6361faeab3cf50ab58d3b7bc7dccce4220f4cb4968bfb6e940ae
    • Score: 1/10

    • Target: Ghost[6].cpl
    • Size: 2KB
    • MD5: ad59a61c38b0213e306189d8089d9c98
    • SHA1: e024c29a6fae0993aa3bdc6be4609b4101a38824
    • SHA256: a24f58b1cd249d5c7e8b5dd8c669b4681344325f429d09b6f62d59af722ebd57
    • SHA512: 0a33c6328d54b0fc54724fec537b822e4bdd85db8493f8615336ada31800920542c913aa84422935bbdc4f627cc6500a6d07752a1dc468618a4b3d49cb54407c
    • Score: 1/10

    • Target: Ghost[o].cpl
    • Size: 240B
    • MD5: 87a8086bf28a4798f8c65d91955118b3
    • SHA1: a1254672b43501ac7a4a0ea8c28c5c0d526eaef6
    • SHA256: ea4b510a07315827703825bfa95a2ec528619a5389f13a138bf5dbf798598da6
    • SHA512: 43691ec4766612cd366a77484e066d50636fd129d29e63207376533cf7de876b7b731a18941079d50260cca93dc50a64ec9cd40d21d5bd2f7f0fcf5451693aa1
    • Score: 1/10

    • Target: Ghost[x].cpl
    • Size: 11KB
    • MD5: e971d36e9c007879fe02916b3322ed76
    • SHA1: d14f75bf6926740f00111b70ca8c697e1abb113b
    • SHA256: 12078b5c9eb7ba705314521529949596af5f3692101ec41c3285b1ef8304df1a
    • SHA512: 7e8f038a3fec902f50f79c89236677c1835cebf28fdcf989f20849bc61ebd08e3c12774b92b0d3c1245e5f3a8cfbaa232b16f3fc50b75843e511dcdc92f34cad
    • SSDEEP: 192:6Jn8WdI3KBcb+S2ks+yFFHcWBBDuGlWdI3KBcb++FWh8zWlwXqe:6J8WdI3KBcb+Tks+yFFHcWBBDuGlWdIX
    • Score: 1/10

    • Target: ghostS.exe
    • Size: 1.7MB
    • MD5: 8ec1dc41329c12c454595fbfd39f88c2
    • SHA1: 81aaa39802905c8b3ee132c978ddb3cc3f3db1b5
    • SHA256: 8d5b02d29deaf800edf09adc815823f736569041a71d78217acf72444eae9264
    • SHA512: 56d8f00dfadc9fbdca948d88e9b2fd6e8f8f19fb0c730ca1001b11f5c86e74ece0c8fbf4dc15fda644145a17412a53d8bf09458d621721210eb5b179ebc5ac99
    • SSDEEP: 24576:ut+PGXJIYJgv8E32bpXnKKLA3FEQTdHUOD0/WkdmKaMaOhh:wJXJQ32l3tLtIHXAOkdm

    Behaviours observed:

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks