Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee

  • Size

    4.8MB

  • Sample

    231118-eg214aae58

  • MD5

    ee78d63e919cb8603b76f900e221e543

  • SHA1

    65f96985bfe97ef6559002a1301e84745bbbfd07

  • SHA256

    49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee

  • SHA512

    f16e2766ae3a498062e0d6d7d6b6e399265098cad556596553fb4842a8efd974e73dad65ddfcae024423a61de50d2a370cb276364b38b00f8f7528f2f4b07573

  • SSDEEP

    49152:BGRl/jveTNl4+4ZzUl+hkr5kgg4+9+BPT8/ptNqI0EezUofk9AI6hlKlCcm8ZSRy:BGRRv+NIK+hkYLNqtKYcmH4lLkuGcf/

Score
10/10

Malware Config

Targets

    • Target

      49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee

    • Size

      4.8MB

    • MD5

      ee78d63e919cb8603b76f900e221e543

    • SHA1

      65f96985bfe97ef6559002a1301e84745bbbfd07

    • SHA256

      49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee

    • SHA512

      f16e2766ae3a498062e0d6d7d6b6e399265098cad556596553fb4842a8efd974e73dad65ddfcae024423a61de50d2a370cb276364b38b00f8f7528f2f4b07573

    • SSDEEP

      49152:BGRl/jveTNl4+4ZzUl+hkr5kgg4+9+BPT8/ptNqI0EezUofk9AI6hlKlCcm8ZSRy:BGRRv+NIK+hkYLNqtKYcmH4lLkuGcf/

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks