Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e0876e96ff2cead5fb36f097f0312f809626287bda7809d9e741d869387cc618
-
Size
2.1MB
-
Sample
231014-szzwcafh5v
-
MD5
6ff22367445fd5b83fd988006910967e
-
SHA1
fff398692fc7c2da091b506a42b12cae8dad5212
-
SHA256
e0876e96ff2cead5fb36f097f0312f809626287bda7809d9e741d869387cc618
-
SHA512
25581e2ed2eccc263e8266d1936ea4c6daa2ea69439ef66a2fcc4b3d4e83de8c904d34334444f26e52d936b44be25f5412c53059456a555cf3a6ac0f1cf53a04
-
SSDEEP
49152:tTYcTarVjQllcn9XdeUxIMTr+Emb9XK6adYKuuTkP8UL2Z5e/gPSsP7YU4:tGVjQllcn9X/xdmEmb9XK68uuTkP0e/o
Malware Config
Targets
-
-
Target
e0876e96ff2cead5fb36f097f0312f809626287bda7809d9e741d869387cc618
-
Size
2.1MB
-
MD5
6ff22367445fd5b83fd988006910967e
-
SHA1
fff398692fc7c2da091b506a42b12cae8dad5212
-
SHA256
e0876e96ff2cead5fb36f097f0312f809626287bda7809d9e741d869387cc618
-
SHA512
25581e2ed2eccc263e8266d1936ea4c6daa2ea69439ef66a2fcc4b3d4e83de8c904d34334444f26e52d936b44be25f5412c53059456a555cf3a6ac0f1cf53a04
-
SSDEEP
49152:tTYcTarVjQllcn9XdeUxIMTr+Emb9XK6adYKuuTkP8UL2Z5e/gPSsP7YU4:tGVjQllcn9X/xdmEmb9XK68uuTkP0e/o
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-