Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

53e902d89b...d7.exe

windows7-x64

10

53e902d89b...d7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53e902d89b285f81cef5e2e9a2782cd7

  • Size

    336KB

  • Sample

    231226-e1tttsdcar

  • MD5

    53e902d89b285f81cef5e2e9a2782cd7

  • SHA1

    369080a95b2dbe23f935febec7b5eda02247de09

  • SHA256

    0e0cf649a9677b86d41b380e00e7b5a3fc86733cdd2d27baf32c29081011a7b5

  • SHA512

    03321a6e9e2d43a79123c6758d0daf5712fe981db86f61c18cd4f82d65f78648e4a855c13bde17b109e69c7d89c939ed0c8c1fddba6e170bbec57676006ff901

  • SSDEEP

    6144:YC3Dee6eDksOFilfPuE857FpY4lpeUaKcOwMrSv2dpCrnG+mxUYUnvI/:4CDksoilfPzI7fY4XeEjrSv2EG3/kva

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      53e902d89b285f81cef5e2e9a2782cd7

    • Size

      336KB

    • MD5

      53e902d89b285f81cef5e2e9a2782cd7

    • SHA1

      369080a95b2dbe23f935febec7b5eda02247de09

    • SHA256

      0e0cf649a9677b86d41b380e00e7b5a3fc86733cdd2d27baf32c29081011a7b5

    • SHA512

      03321a6e9e2d43a79123c6758d0daf5712fe981db86f61c18cd4f82d65f78648e4a855c13bde17b109e69c7d89c939ed0c8c1fddba6e170bbec57676006ff901

    • SSDEEP

      6144:YC3Dee6eDksOFilfPuE857FpY4lpeUaKcOwMrSv2dpCrnG+mxUYUnvI/:4CDksoilfPzI7fY4XeEjrSv2EG3/kva

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Blocklisted process makes network request

    • Sets DLL path for service in the registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks