Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6bdb1cc96b...95.exe

windows7-x64

10

6bdb1cc96b...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6bdb1cc96bca039874ff0d3a2ff3a8bd02a46e9fc55a38ba930d70792dfed795

  • Size

    183KB

  • Sample

    221201-mccjmscg51

  • MD5

    0e9ab48caf7bf7f3729f2f91c1803317

  • SHA1

    78a80a1a117f9d7862ba4e0f84cdfc0ed73a498f

  • SHA256

    6bdb1cc96bca039874ff0d3a2ff3a8bd02a46e9fc55a38ba930d70792dfed795

  • SHA512

    e2f24667296b82d90ba03a7adbb2d6fe1fd654d607082a22660a6a09a32938359ad353cb4bea4508552c97f4fe2b2c8a5dcd41cdf623af41dbda480f1ccf95a1

  • SSDEEP

    3072:rMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRu:49MMmwzlqUHoeWofjjpAViY/lH6h+Evu

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      6bdb1cc96bca039874ff0d3a2ff3a8bd02a46e9fc55a38ba930d70792dfed795

    • Size

      183KB

    • MD5

      0e9ab48caf7bf7f3729f2f91c1803317

    • SHA1

      78a80a1a117f9d7862ba4e0f84cdfc0ed73a498f

    • SHA256

      6bdb1cc96bca039874ff0d3a2ff3a8bd02a46e9fc55a38ba930d70792dfed795

    • SHA512

      e2f24667296b82d90ba03a7adbb2d6fe1fd654d607082a22660a6a09a32938359ad353cb4bea4508552c97f4fe2b2c8a5dcd41cdf623af41dbda480f1ccf95a1

    • SSDEEP

      3072:rMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRu:49MMmwzlqUHoeWofjjpAViY/lH6h+Evu

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks