General

  • Target

    20320bd328c8a9ab7ebacd0b7827c742.bin

  • Size

    231KB

  • Sample

    230828-bebjksec36

  • MD5

    8909a35416f19648660df9e7e0508179

  • SHA1

    888fc50ce6c6b43815ce09a5f0dc11a795caa41c

  • SHA256

    2c6f5bffa8066d7d486735adb6ccc78654f487edd5ebeba5e043eb0db3cf6ae4

  • SHA512

    72ed40cc03e4fc5b72bc9959e12ae3576c5f4e5c5e828defd8e50800dcc119397635352b5cf56ac9178b801135b7a45e036f9f2213b9453d14283e41cfc685e7

  • SSDEEP

    3072:j6R2YZ8JeBnIv8gSZRNV2rNToOJKZ7JC0e/HJaQVCr607sQsKQa51yx846e+9:jc2wpGDSTsOOJs7JCJRaCA60ulNW4Nq

Malware Config

Targets

    • Target

      46062feff144c57dfdb69096b765be5b2e6e7fa3493cf0669b7163acbc51c48a.bin

    • Size

      524KB

    • MD5

      20320bd328c8a9ab7ebacd0b7827c742

    • SHA1

      8a66676b0a4926a9525630f6b4ec7a106db3e27f

    • SHA256

      46062feff144c57dfdb69096b765be5b2e6e7fa3493cf0669b7163acbc51c48a

    • SHA512

      151a1d9db7f4162417e0f0bedd21d2442d16330003466b76d1055d099360262f0e4f72411125fda2302c531d2845e3ea620aeea3616c5172dcb194fef276a646

    • SSDEEP

      12288:KQb8e55GXwhEIGmcuRrv0CbU4j0ARGohKRjP7Kt+V7UB1ZSQCVmzdditQxL5NLlg:L5pKpOd/GTV5nJ

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks