General

  • Target

    ac97426defa6f6836321051f424707f571fe3d4967e33d2ed4584f06f1a68c40

  • Size

    510KB

  • Sample

    221203-2k1c1aff6x

  • MD5

    dfc487f16e2c7115e4f15e80f5720de9

  • SHA1

    e4a9a78f61e5cb7912c45c349a2807805c8ff36b

  • SHA256

    ac97426defa6f6836321051f424707f571fe3d4967e33d2ed4584f06f1a68c40

  • SHA512

    3b7a569f23e1af82de0ff289ca3ebaf4ca2e39129550068b535ee09b552d3968611813cc6459180d5ec49f53ca5bf5f4162246c3f8aa5249715d0927f0642dd1

  • SSDEEP

    6144:nINgekrKFVH0pwpM9NBiBd3wxQKwaaQKbp1g:nINgekrKFVH0pp9KdAxQKwBe

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
