General

  • Target

    f6db15cdbb2137131ba70aa0e63b0603

  • Size

    1.2MB

  • Sample

    231228-zh16eacfdp

  • MD5

    f6db15cdbb2137131ba70aa0e63b0603

  • SHA1

    13c5f75ed3e3aa10d7aa283cdc70c8250f92e73a

  • SHA256

    872372928f197725ff8d10148f26189f4fe4c58122c0066905549254fc52cb3e

  • SHA512

    a6ef54fb8ba9a8a52a88f4b43937dd53e7cdc2c507e5168ebc106adc57db2e6087364f1c1690005ba5979c31f07514076c5dc19bf18f9d2dfbe8bf70fc0e3f86

  • SSDEEP

    12288:UZWtI6RkZBlOB0JuROB0tyJP7jVOWBuOB0JuROB0WLyBwYhxMJROuD6:UuhaZBlOtOuydjpBuOtOJyBXM7Zu

Malware Config

Targets

    • Target

      f6db15cdbb2137131ba70aa0e63b0603

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks