General
Target: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee
Size: 4.8MB
Sample: 231118-eg214aae58
MD5: ee78d63e919cb8603b76f900e221e543
SHA1: 65f96985bfe97ef6559002a1301e84745bbbfd07
SHA256: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee
SHA512: f16e2766ae3a498062e0d6d7d6b6e399265098cad556596553fb4842a8efd974e73dad65ddfcae024423a61de50d2a370cb276364b38b00f8f7528f2f4b07573
SSDEEP: 49152:BGRl/jveTNl4+4ZzUl+hkr5kgg4+9+BPT8/ptNqI0EezUofk9AI6hlKlCcm8ZSRy:BGRRv+NIK+hkYLNqtKYcmH4lLkuGcf/
Static task: static1
Behavioral task: behavioral1
Sample: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee.exe
Resource: win7-20231020-en
Malware Config
Targets
Target: 49bb3caf733fb1c4b57dce2b4018edcbb6a61c0140aeccacf64746625a34d5ee
- Gh0st RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2