Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

79dea9f7af...2b.exe

windows7-x64

10

79dea9f7af...2b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79dea9f7af27c82546d6a0a5f2585e613cfd594e7f747b7136886e623bf1fa2b

  • Size

    2.2MB

  • Sample

    230303-phf55ahd67

  • MD5

    2d7288e193e533dafab9d8c2f2038e6f

  • SHA1

    52f0067ede836a52a144f52520c37a24421b1a3c

  • SHA256

    79dea9f7af27c82546d6a0a5f2585e613cfd594e7f747b7136886e623bf1fa2b

  • SHA512

    6948377720d4eb0bc153289aa004696869264bd99940ed894b02689672d68032346360e2d49bb406d8764e42a982c93bdb8b3db08646ec275f9dbb279f92f445

  • SSDEEP

    24576:xL9QwSgxmxylZViyf6KOGSKC891D8vRMFgcvahnsCYXDC1SROmDn3I:xffwGSf8CRMFgcvrXGSRBDn3I

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      79dea9f7af27c82546d6a0a5f2585e613cfd594e7f747b7136886e623bf1fa2b

    • Size

      2.2MB

    • MD5

      2d7288e193e533dafab9d8c2f2038e6f

    • SHA1

      52f0067ede836a52a144f52520c37a24421b1a3c

    • SHA256

      79dea9f7af27c82546d6a0a5f2585e613cfd594e7f747b7136886e623bf1fa2b

    • SHA512

      6948377720d4eb0bc153289aa004696869264bd99940ed894b02689672d68032346360e2d49bb406d8764e42a982c93bdb8b3db08646ec275f9dbb279f92f445

    • SSDEEP

      24576:xL9QwSgxmxylZViyf6KOGSKC891D8vRMFgcvahnsCYXDC1SROmDn3I:xffwGSf8CRMFgcvrXGSRBDn3I

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks