General

  • Target

    NEAS.8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4_JC.exe

  • Size

    10.1MB

  • Sample

    231006-sbdyzadd5s

  • MD5

    0afb464d2654193dac667c26a24afbd0

  • SHA1

    cc52ed0e0caba7a3dab7b40f4d06605205d8a9df

  • SHA256

    8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4

  • SHA512

    2290595bb7bc96b7d46ccce660c808bf58d18802e82f89407e6887d030e66ebe636c35fe917aed1c95f74387aab7c0f4a449f17749a8e58b8066b28c38ac4e5d

  • SSDEEP

    6144:1IposGo+OMpe4HMHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHf:SpodaMo4Y

Malware Config

Extracted

Family

gh0strat

C2

127.0.0.1 (loopback address: with this configuration the implant connects only to the analysis host itself and produces no outbound beacon)

Targets

    • Target

      NEAS.8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4_JC.exe

    • Size

      10.1MB

    • MD5

      0afb464d2654193dac667c26a24afbd0

    • SHA1

      cc52ed0e0caba7a3dab7b40f4d06605205d8a9df

    • SHA256

      8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4

    • SHA512

      2290595bb7bc96b7d46ccce660c808bf58d18802e82f89407e6887d030e66ebe636c35fe917aed1c95f74387aab7c0f4a449f17749a8e58b8066b28c38ac4e5d

    • SSDEEP

      6144:1IposGo+OMpe4HMHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHf:SpodaMo4Y

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Drops file in System32 directory
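The signatures above are tria.ge's own; the script below is an added example, not code from the report or from tria.ge, showing how an analyst would re-check a local copy of the sample against the hashes listed in this report and reproduce the "UPX packed file" verdict from the PE section table. The UPX section-name heuristic (UPX0/UPX1/UPX2) is an assumption about how that signature works, not tria.ge's detection logic; a modified UPX build that renames its sections will evade it, which is exactly why the hash match is done first. The toy PE image is constructed inline so the example runs offline.

```python
import hashlib
import struct
import sys

# Hashes copied from the report above for the submitted sample.
REPORT_HASHES = {
    "md5": "0afb464d2654193dac667c26a24afbd0",
    "sha1": "cc52ed0e0caba7a3dab7b40f4d06605205d8a9df",
    "sha256": "8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4",
}

# Assumption: stock UPX names its sections like this; a modified build may not.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def hash_bytes(data: bytes) -> dict:
    """Return the same digest set the report lists (md5, sha1, sha256, sha512)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every hash in the report matches the bytes on disk."""
    actual = hash_bytes(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def pe_section_names(data: bytes) -> list:
    """Walk the DOS stub, PE signature and COFF header to the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional  # section headers follow the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind a 'UPX packed file' verdict: any UPX-named section."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_toy_pe(section_names: list) -> bytes:
    """Constructed, non-executable PE image with the given section names (test input)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b""
    for i, name in enumerate(section_names):
        sections += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sections


if __name__ == "__main__":
    # Usage: python triage_check.py <path-to-sample>
    blob = open(sys.argv[1], "rb").read()
    print("hashes match report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX-named sections present:", looks_upx_packed(blob))
```

Run it against the downloaded sample before any further work: a hash mismatch means you are not looking at the file this report describes, and a missing UPX section name on a file the sandbox still flagged as packed is a hint that the packer was modified and static unpacking with stock `upx -d` will likely fail.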

MITRE ATT&CK Enterprise v15

Tasks