
General

  • Target

    d66197ab30a3ab928d063a8342c0e4f0a5eb335a3f1b5e875f90e0641a83d66f

  • Size

    1.7MB

  • Sample

    230903-ntabaahh66

  • MD5

    7f1cee38087344f909aebfbcb83b9943

  • SHA1

    c37d615f08ae0a6d71d1d1df748e91999c0f6fc9

  • SHA256

    d66197ab30a3ab928d063a8342c0e4f0a5eb335a3f1b5e875f90e0641a83d66f

  • SHA512

    4402520fcc8c39cd09bc2a919eb04df7f386501570576fb6a11716eec7d428c0f014945276cec88e4349de724583c512cc63619a3f770a5a33e347194097ddcc

  • SSDEEP

    24576:ei2Tro2H2HESq2eWJ6MQjySjygLNSy7tiHh0dFlXWEXegC:exTc2H2tFvduySbgHh0dFlX

Malware Config

Targets

    • Target

      d66197ab30a3ab928d063a8342c0e4f0a5eb335a3f1b5e875f90e0641a83d66f

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory
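
As an added example (not tria.ge's own signature logic, which this page does not publish), the following Python script reproduces the static half of this report for any PE file: the MD5/SHA1/SHA256/SHA512 values shown in the General section and a UPX-packing verdict along the lines of the "UPX packed file" signature, including the renamed-section case that "modified UPX" refers to. The header offsets are standard PE layout; the three test images are constructed inside the script and are not derived from the analysed sample.

```python
"""Static triage helper for a PE sample: the report's hashes plus UPX heuristics.

Added example, not code from tria.ge or any of the signatures listed above.
Only the PE header fields it needs are parsed (no pefile dependency). Three
UPX heuristics are applied:
  1. section names beginning with "UPX" (stock UPX emits UPX0, UPX1, .rsrc);
  2. the "UPX!" stamp that stock UPX writes into the packed file;
  3. a first section whose SizeOfRawData is 0 while VirtualSize is large, the
     layout UPX leaves for its unpacking buffer and which survives when a
     modified UPX has renamed sections and scrubbed the stamp.
"""
import hashlib
import struct

SECTION_HEADER_SIZE = 40


def parse_sections(data: bytes) -> list:
    """Return the section table of a PE image as a list of dicts."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size           # section table follows optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + SECTION_HEADER_SIZE]
        if len(raw) < SECTION_HEADER_SIZE:
            raise ValueError("truncated section table")
        name = raw[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", raw, 8)
        sections.append({"name": name, "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rsize,
                         "raw_ptr": rptr})
    return sections


def triage(data: bytes) -> dict:
    """Hashes as listed in the report's General section, plus a UPX verdict."""
    sections = parse_sections(data)
    names = [s["name"] for s in sections]
    upx_named = [n for n in names if n.upper().startswith("UPX")]
    upx_stamp = b"UPX!" in data
    hollow_first = bool(sections) and sections[0]["raw_size"] == 0 \
        and sections[0]["virtual_size"] > 0
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sections": names,
        "upx_named_sections": upx_named,
        "upx_stamp": upx_stamp,
        "hollow_first_section": hollow_first,
        "upx_packed": bool(upx_named) or upx_stamp or hollow_first,
    }


def build_pe(section_specs, trailer=b"") -> bytes:
    """Constructed test data: a minimal, non-runnable PE32 with the given sections.

    section_specs: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData).
    """
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    opt = b"\0" * 0xE0                     # PE32 optional header; contents unused here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        name.ljust(8, b"\0")[:8]
        + struct.pack("<IIIIIIHHI", vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
        for name, vs, va, rs, rp in section_specs)
    return dos + b"PE\0\0" + coff + opt + table + trailer


# Constructed samples, not derived from the analysed file.
SAMPLE_STOCK_UPX = build_pe([(b"UPX0", 0x10000, 0x1000, 0, 0x400),
                             (b"UPX1", 0x8000, 0x11000, 0x7E00, 0x400),
                             (b".rsrc", 0x1000, 0x19000, 0x1000, 0x8200)],
                            trailer=b"UPX!")
SAMPLE_MODIFIED_UPX = build_pe([(b".text", 0x10000, 0x1000, 0, 0x400),
                                (b".data", 0x8000, 0x11000, 0x7E00, 0x400)])
SAMPLE_CLEAN = build_pe([(b".text", 0x1000, 0x1000, 0x1000, 0x400),
                         (b".data", 0x200, 0x2000, 0x200, 0x1400)])

if __name__ == "__main__":
    for label, blob in (("stock UPX", SAMPLE_STOCK_UPX),
                        ("renamed UPX", SAMPLE_MODIFIED_UPX),
                        ("clean", SAMPLE_CLEAN)):
        r = triage(blob)
        print(f"{label:12s} sha256={r['sha256'][:16]}... sections={r['sections']} "
              f"upx_packed={r['upx_packed']}")
```

Run `triage(open(path, "rb").read())` on the real file and the four hash values should match the General section above. Heuristic 3 (an empty first section) is what catches a modified UPX whose author renamed UPX0/UPX1 and removed the stamp, but it can also fire on the rare binary whose first section is uninitialised data, so treat it as a triage signal to unpack and look further, not as a verdict on its own.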

MITRE ATT&CK Enterprise v15

Tasks