Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d3f24a4d9bbe0f79a2e3a9efa5fcca6f7b95c9a9de5e892b3017fcab4312716a

  • Size

    3.4MB

  • Sample

    231024-ms7dyscc8v

  • MD5

    46cbc8b5d725ca9f020a9875f7904ea8

  • SHA1

    75c96f0494b3ce9aec641b5ccb7db063003f7e62

  • SHA256

    d3f24a4d9bbe0f79a2e3a9efa5fcca6f7b95c9a9de5e892b3017fcab4312716a

  • SHA512

    3e0f7f9128dfd3e3ef9905d73a323d5908ca82dafe1e4f7f9d0c689db4d9286fabb4f8aed6a89542e31af3277d8ecba0f83167fcf6193418e5036005f51f649f

  • SSDEEP

    49152:3CwsbCANnKXferL7Vwe/Gg0P+WhMnXg86AxtGTy1IB2H:yws2ANnKXOaeOgmhMnw8V1Iu

Malware Config

Targets

    • Target

      d3f24a4d9bbe0f79a2e3a9efa5fcca6f7b95c9a9de5e892b3017fcab4312716a

    • Size

      3.4MB

    • MD5

      46cbc8b5d725ca9f020a9875f7904ea8

    • SHA1

      75c96f0494b3ce9aec641b5ccb7db063003f7e62

    • SHA256

      d3f24a4d9bbe0f79a2e3a9efa5fcca6f7b95c9a9de5e892b3017fcab4312716a

    • SHA512

      3e0f7f9128dfd3e3ef9905d73a323d5908ca82dafe1e4f7f9d0c689db4d9286fabb4f8aed6a89542e31af3277d8ecba0f83167fcf6193418e5036005f51f649f

    • SSDEEP

      49152:3CwsbCANnKXferL7Vwe/Gg0P+WhMnXg86AxtGTy1IB2H:yws2ANnKXOaeOgmhMnw8V1Iu

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks