General

  • Target

    ade7d77bea75470f2b172b27ffcb8d3ae43eefd1de981cb4d9a01b7f2cee46df

  • Size

    1.3MB

  • Sample

    231211-m1q2yaeae6

  • MD5

    d7384ee609eb1a92b94523787c17614d

  • SHA1

    6eb7a157ee0ebae281f50a5b6f6cc7598f0d7f56

  • SHA256

    ade7d77bea75470f2b172b27ffcb8d3ae43eefd1de981cb4d9a01b7f2cee46df

  • SHA512

    dfbaabeb0f3692d8e83f3eca45aab97c51c1b53290a10bdfea638702872fab8340d60c961346e8676d172590ba2216ae6d4f26f5ac2f1bd9f6fa72d029312cd0

  • SSDEEP

    24576:9OyHutimZ9VSly2hVvHW6qMnSbTBBhBMNvFyzhyz:wHPkVOBTK

Malware Config

Targets

    • Target

      ade7d77bea75470f2b172b27ffcb8d3ae43eefd1de981cb4d9a01b7f2cee46df

    • Size

      1.3MB

    • MD5

      d7384ee609eb1a92b94523787c17614d

    • SHA1

      6eb7a157ee0ebae281f50a5b6f6cc7598f0d7f56

    • SHA256

      ade7d77bea75470f2b172b27ffcb8d3ae43eefd1de981cb4d9a01b7f2cee46df

    • SHA512

      dfbaabeb0f3692d8e83f3eca45aab97c51c1b53290a10bdfea638702872fab8340d60c961346e8676d172590ba2216ae6d4f26f5ac2f1bd9f6fa72d029312cd0

    • SSDEEP

      24576:9OyHutimZ9VSly2hVvHW6qMnSbTBBhBMNvFyzhyz:wHPkVOBTK

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks