Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a6d11fa9e1...98.exe

windows7-x64

10

a6d11fa9e1...98.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6d11fa9e1b265abf8be2deb192e063ffe9059ebb61913412e721fe107b8ed98

  • Size

    1.1MB

  • Sample

    231029-w5en5saf23

  • MD5

    424860500c6ff7cc0c748e7f3f967014

  • SHA1

    3d325b39e3646d5966adfb643322207b0cccd9b2

  • SHA256

    a6d11fa9e1b265abf8be2deb192e063ffe9059ebb61913412e721fe107b8ed98

  • SHA512

    d23147e4183bff07a571eae71fcc77ac3735941f4d6ab2bc818491edf9f7b717d5ea581fdda31e21facb24caad0da2f6bfa352ac40af0211216a00241a013273

  • SSDEEP

    24576:yYFbkIsaPiXSVnC7Yp9zkNmZG8RRln3yzrFxNedq:yYREXSVMDi3QFxNedq

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      a6d11fa9e1b265abf8be2deb192e063ffe9059ebb61913412e721fe107b8ed98

    • Size

      1.1MB

    • MD5

      424860500c6ff7cc0c748e7f3f967014

    • SHA1

      3d325b39e3646d5966adfb643322207b0cccd9b2

    • SHA256

      a6d11fa9e1b265abf8be2deb192e063ffe9059ebb61913412e721fe107b8ed98

    • SHA512

      d23147e4183bff07a571eae71fcc77ac3735941f4d6ab2bc818491edf9f7b717d5ea581fdda31e21facb24caad0da2f6bfa352ac40af0211216a00241a013273

    • SSDEEP

      24576:yYFbkIsaPiXSVnC7Yp9zkNmZG8RRln3yzrFxNedq:yYREXSVMDi3QFxNedq

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Sets DLL path for service in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks