General

  • Target

    NEAS.2672783b07d4a03225cd11b484092db5792617647ba2f3ac4b447e22a9d0ed16xlsx_JC.xls

  • Size

    220KB

  • Sample

    231023-t3qbracc55

  • MD5

    15c921cb2dac8d0ee2ca4fbe7f7c0989

  • SHA1

    18bbe85e71bc15b10da55f70796ac86bd75936d9

  • SHA256

    2672783b07d4a03225cd11b484092db5792617647ba2f3ac4b447e22a9d0ed16

  • SHA512

    6000006878ddf4446602606e85f2aa958b3952c1e109f85651b1254018faac844841418fb3f0bd951693aa5e6867e89997fe070785aed857566d4b93e60365ce

  • SSDEEP

    6144:9Y35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVqfMIkoR0/WU/6FG07W:E3bVqfMIkoR0wG07W

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg

    exe.dropper

    https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg

Targets

    • Target

      NEAS.2672783b07d4a03225cd11b484092db5792617647ba2f3ac4b447e22a9d0ed16xlsx_JC.xls

    • Size

      220KB

    • MD5

      15c921cb2dac8d0ee2ca4fbe7f7c0989

    • SHA1

      18bbe85e71bc15b10da55f70796ac86bd75936d9

    • SHA256

      2672783b07d4a03225cd11b484092db5792617647ba2f3ac4b447e22a9d0ed16

    • SHA512

      6000006878ddf4446602606e85f2aa958b3952c1e109f85651b1254018faac844841418fb3f0bd951693aa5e6867e89997fe070785aed857566d4b93e60365ce

    • SSDEEP

      6144:9Y35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVqfMIkoR0/WU/6FG07W:E3bVqfMIkoR0wG07W

    Score
    10/10
    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks