General

  • Target

    dafcd85021f72612ced83dc5dc415eedcbcaf4a6a6e695a4e377a14b7cb33886

  • Size

    1.5MB

  • Sample

    231008-amcwyabc43

  • MD5

    89cede03ee5fdb1456a9324a9ed4ac1d

  • SHA1

    2fb722cf6691f825d2cd25d7c403b50960be810a

  • SHA256

    dafcd85021f72612ced83dc5dc415eedcbcaf4a6a6e695a4e377a14b7cb33886

  • SHA512

    db719097e9678377e3a59b68fffd234344dc40a978d85ee8c654383a23efb0094ee1fba6a9ccec9552734b531af07d407d1734d2176e226372dc03d611426134

  • SSDEEP

    24576:lQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVSwpefjqxn4t:lQZAdVyVT9n/Gg0P+WhospebqN4t

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks