General

  • Target

    ba5396e15e896c12f5b948b4ab134e44.exe

  • Size

    91KB

  • Sample

    221225-nmpgmaee6s

  • MD5

    ba5396e15e896c12f5b948b4ab134e44

  • SHA1

    ad091a08da28014d915f0ba4dee83598d04eddaf

  • SHA256

    29bdf30d0b641a2fb9abc5dc9b5544e39cb91c9e2deb927b45679010198c765f

  • SHA512

    7a5ddd3e3459745c301723c8516fe09806a18c5e57c99eba068dade72e0e7da0fef4423120fe84106390b7cf426ad56ccedb26f05430f3d6c25560dd42b5ab4e

  • SSDEEP

    1536:9Jvpm0PGt6rj5w0OqcocxrD5n6eDwDueLic+8ifnIcQ63xF+0j11BrM:XvpmuGt6rj5w0Oqcoc+ekDVLi580nIco

Malware Config

Targets

    • Target

      ba5396e15e896c12f5b948b4ab134e44.exe

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL
