General

  • Target

    5d3c3a309604356d25cc4bb23a8caeef2be23171a930817301a5f66d33fe8f42

  • Size

    1.3MB

  • Sample

    230508-ky4txabf6s

  • MD5

    f3eab5e140210e0e4ff2ff625b2ffe21

  • SHA1

    610fa43452f5cde3800a2ca81ce14e36a1dd3d6c

  • SHA256

    5d3c3a309604356d25cc4bb23a8caeef2be23171a930817301a5f66d33fe8f42

  • SHA512

    98cfb85663ecf5165f979fb76ab3302ea071cd0c64a1762d24c8334000999859555cae345a7382d5819a6f923fd8cdf2fd8d4d2e68e863378c7576882cd6a568

  • SSDEEP

    24576:V5Jv9AJdTyl4pf97WzwSsQniCbqr0RwquvqryHFdYTZ/V:V5JVAJYl4pFyzwB6t63SyHFu99

Malware Config

Targets

    • Target

      5d3c3a309604356d25cc4bb23a8caeef2be23171a930817301a5f66d33fe8f42

    • FatalRat

      FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Fatal Rat payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger (anti-debugging).
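The three registry-based signatures above (VirtualBox ACPI values, Wine keys, location settings) are all pattern matches over the sample's registry accesses. The following is an added example, not Triage's own signature code: it parses a constructed, simplified registry-access log (the event format and the exact key paths matched are assumptions about what such signatures key on; the paths themselves are real artefacts of VirtualBox, Wine and Windows locale settings) and reports which of the three rules fire.

```python
import re
from typing import NamedTuple

# Constructed sample events (not taken from the report). Simplified format:
# "<pid> <operation> <registry path>[ = <value>]"
SAMPLE_EVENTS = r"""
1234 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValue HKLM\HARDWARE\ACPI\FADT\VBOX__
1234 RegOpenKey HKCU\Software\Wine
1234 RegQueryValue HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale
1234 RegQueryValue HKCU\Control Panel\International\Geo\Nation = 244
1234 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""


class Rule(NamedTuple):
    name: str            # signature name as it appears in the report
    pattern: re.Pattern  # matched against the registry path of each event
    rationale: str


# The key paths are assumptions about what the report's signatures match on.
RULES = [
    Rule("Identifies VirtualBox via ACPI registry values",
         re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
         "VirtualBox publishes ACPI tables named VBOX__ under HKLM\\HARDWARE\\ACPI"),
    Rule("Identifies Wine through registry keys",
         re.compile(r"\\Software\\Wine(\\|$)", re.I),
         "Wine creates Software\\Wine, which does not exist on a real Windows install"),
    Rule("Checks computer location settings",
         re.compile(r"\\Control Panel\\International\\Geo\\Nation$|\\Nls\\Locale$", re.I),
         "Reads the configured GeoID / locale, the usual input to a geofence"),
]

EVENT_RE = re.compile(r"^(?P<pid>\d+) (?P<op>Reg\w+) (?P<path>[^=]+?)(?: = (?P<value>.*))?$")


def parse_event(line: str):
    """Parse one log line into a dict; return None for lines that do not fit the format."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def match_signatures(log_text: str) -> dict:
    """Return {signature name: [matching registry paths]} for every rule that fires."""
    hits: dict = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        for rule in RULES:
            if rule.pattern.search(ev["path"]):
                hits.setdefault(rule.name, []).append(ev["path"].strip())
    return hits


if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for p in paths:
            print(f"      {p}")
```

On the constructed log the VirtualBox and location rules each fire twice and the Wine rule once; the unrelated Run-key access matches nothing, which is the point of anchoring the patterns on the specific key paths rather than on loose substrings.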

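The UPX signature, unlike the registry ones, is a static check on the file. The following is an added example, not Triage's own detector: it builds a constructed minimal PE in memory (real header layout, zeroed placeholder contents, not a loadable image) and flags the two indicators stock UPX leaves behind, the UPX0/UPX1 section names and the "UPX!" pack-header magic that follows the section table. A modified UPX build commonly renames the sections or strips the magic, so each indicator is reported on its own.

```python
import struct


def build_minimal_pe(names, trailer=b"") -> bytes:
    """Constructed test input: DOS header, PE signature, COFF header, a zeroed
    224-byte PE32 optional header and one 40-byte section header per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH",
                       0x14C,        # Machine: i386
                       len(names),   # NumberOfSections
                       0, 0, 0,      # timestamp, symbol table pointer, symbol count
                       opt_size,     # SizeOfOptionalHeader
                       0x0102)       # Characteristics: executable image, 32-bit
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + opt + table + trailer


def section_names(data: bytes):
    """Walk the PE headers; return (section names, offset just past the section table)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    names = []
    for i in range(nsec):
        raw = data[table + i * 40: table + i * 40 + 8]       # 8-byte section name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names, table + nsec * 40


def upx_indicators(data: bytes) -> list:
    """Return the UPX indicators found; an empty list means none."""
    names, table_end = section_names(data)
    reasons = []
    if any(n.upper().startswith("UPX") for n in names):
        reasons.append("UPX section names: " + ", ".join(names))
    # Stock UPX writes its "UPX!" pack-header magic in the header slack right
    # after the section table; modified builds often remove it.
    if b"UPX!" in data[table_end:table_end + 0x200]:
        reasons.append("'UPX!' pack-header magic after section table")
    return reasons


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], b"\0" * 8 + b"UPX!" + b"\0" * 16)
    clean = build_minimal_pe([".text", ".rdata", ".data"])
    print("packed:", upx_indicators(packed))
    print("clean: ", upx_indicators(clean))
```

Either indicator alone is weak evidence (section names are trivially renamed, and the magic can be overwritten), which is why the report's signature text says "UPX/modified UPX": a real detector also looks at section entropy and the stub at the entry point.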
MITRE ATT&CK Enterprise v6

Tasks