General

  • Target

    2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d

  • Size

    4.7MB

  • Sample

    231210-19b62adgfm

  • MD5

    37f406c2985041ad85f1f3d6db1249ff

  • SHA1

    56f4ed0bcba0bf7fe60c27d1ddf260f32b9e29c3

  • SHA256

    2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d

  • SHA512

    f3415cb83d10ef62aca5986dd668b1109162651eaf509a06ee42bc1f3fb63c2ff5d8ab7ceeac9c098f3b5f121c8d278a0d97f3341e13f0f55bf564aaed1f5b6b

  • SSDEEP

    98304:xrfhS3srwSUx+DMn+8vYDhRgUqmF14UZr:xrfhS3EDg+lZt9Z

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks