General

  • Target

    e0876e96ff2cead5fb36f097f0312f809626287bda7809d9e741d869387cc618

  • Size

    2.1MB

  • Sample

    231014-szzwcafh5v

  • MD5

    6ff22367445fd5b83fd988006910967e

  • SHA1

    fff398692fc7c2da091b506a42b12cae8dad5212

  • SHA256

    e0876e96ff2cead5fb36f097f0312f809626287bda7809d9e741d869387cc618

  • SHA512

    25581e2ed2eccc263e8266d1936ea4c6daa2ea69439ef66a2fcc4b3d4e83de8c904d34334444f26e52d936b44be25f5412c53059456a555cf3a6ac0f1cf53a04

  • SSDEEP

    49152:tTYcTarVjQllcn9XdeUxIMTr+Emb9XK6adYKuuTkP8UL2Z5e/gPSsP7YU4:tGVjQllcn9X/xdmEmb9XK68uuTkP0e/o

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
