Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    62ee5b95c34acf1b01e338ad370c4dda687bdd67

  • Size

    248KB

  • Sample

    230203-xmmgpshc56

  • MD5

    4ca04b351bb18652fcda67b45eed03a9

  • SHA1

    62ee5b95c34acf1b01e338ad370c4dda687bdd67

  • SHA256

    420dfb75c981fe4ab474de914e92c8171f52544d1f3a4d66bf9249e8578d729d

  • SHA512

    d462553e89b0adda35854157bdbb668dc6ac7e415f5dcf37cf65aecd19ff1d93f0aa18e8831f59be5982c21d71715dfa227958696b81d71a9cde8ec9bc79c7b6

  • SSDEEP

    6144:m8OyFY+X5tuRG9YodJ8mQccZowlFfo7qa4D64+94QIKgFLKyEs2UfaoksNzB1jpU:TFY+X5tuRG9YodJ8mQccZowlFfo7qa4U

Malware Config

Targets

    • Target

      62ee5b95c34acf1b01e338ad370c4dda687bdd67

    • Size

      248KB

    • MD5

      4ca04b351bb18652fcda67b45eed03a9

    • SHA1

      62ee5b95c34acf1b01e338ad370c4dda687bdd67

    • SHA256

      420dfb75c981fe4ab474de914e92c8171f52544d1f3a4d66bf9249e8578d729d

    • SHA512

      d462553e89b0adda35854157bdbb668dc6ac7e415f5dcf37cf65aecd19ff1d93f0aa18e8831f59be5982c21d71715dfa227958696b81d71a9cde8ec9bc79c7b6

    • SSDEEP

      6144:m8OyFY+X5tuRG9YodJ8mQccZowlFfo7qa4D64+94QIKgFLKyEs2UfaoksNzB1jpU:TFY+X5tuRG9YodJ8mQccZowlFfo7qa4U

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks