General

  • Target

    ee7be187dcb327062f9a234946d0a13aede4efb1e3ea35de9a030ca7d3065a49

  • Size

    314KB

  • Sample

    221201-lrm39aah9t

  • MD5

    5bfa187dbe621f731af5010e9c7b409b

  • SHA1

    966fa6d9fe876fb691560c78761978cd5b01f80c

  • SHA256

    ee7be187dcb327062f9a234946d0a13aede4efb1e3ea35de9a030ca7d3065a49

  • SHA512

    c992d2e0ed5d859a6fec9d532d2ae9d862479889d1c6df093c29dd7ee0eff3d5cea379a8af9907b61fb99b215ceebe8e0e4a1f1f07324fbaca4083b929210485

  • SSDEEP

    6144:QGzRxSVtp0l6whGfsKR+zkBpTaa5tJHXH:jt0VPFfsKAkrbPlXH

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified version of the open-source UPX packer.

    • Adds Run key to start application
