General

  • Target

    f952be5a5ec3020ff2dace8c43acdf1fcc1ccf24aee7ac30d0dd4d29419e33eb

  • Size

    1.6MB

  • Sample

    230831-zvdkwaae93

  • MD5

    63539d9529b44b41ec7ca70785049628

  • SHA1

    2a9d3c6deb8305e406d4f240d59d1183c9221290

  • SHA256

    f952be5a5ec3020ff2dace8c43acdf1fcc1ccf24aee7ac30d0dd4d29419e33eb

  • SHA512

    cd4eafe912ad76bbc2ebe7676ef57d8cd8aac98a481fec3ccd59a38ec5b65f7bb400d4c9e5cb369e5d7046cd95b494cfe2591ab5914e2ca30d89bca49bc2f3df

  • SSDEEP

    49152:pjrbjJlhSeEwHPcY1x8AvCZ/T3uYDSfzQQHVI8xc:BhlhrHPHTup+Y3ynxc

Malware Config

Targets

    • Target

      f952be5a5ec3020ff2dace8c43acdf1fcc1ccf24aee7ac30d0dd4d29419e33eb

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks