Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    030ce9025e3b0093a26cd7b81e63a1cb

  • Size

    524KB

  • Sample

    231229-y7qwasfba6

  • MD5

    030ce9025e3b0093a26cd7b81e63a1cb

  • SHA1

    52600bacc4d3b0351a4da1e4011f694db33f22b5

  • SHA256

    745ae4a224b7ee9aa20f1a880357d66c720ef163b8b183d99de4a1841a05afab

  • SHA512

    c90ce30de3efdc6b9696afff1eb3c4223113adf739aee602bf8311f23ffe7c0815e0d4488682b3267ac206a4de53d0db3607d0f28ae47006e7593e7b232e54dd

  • SSDEEP

    12288:q08PKZVQQxfnr+TK7r79/J0NWNf37JcAayM5ahHjJ:t8AVQQxfnr+TK7r79/J0ofrJEyM5ahDJ

Malware Config

Targets

    • Target

      030ce9025e3b0093a26cd7b81e63a1cb

    • Size

      524KB

    • MD5

      030ce9025e3b0093a26cd7b81e63a1cb

    • SHA1

      52600bacc4d3b0351a4da1e4011f694db33f22b5

    • SHA256

      745ae4a224b7ee9aa20f1a880357d66c720ef163b8b183d99de4a1841a05afab

    • SHA512

      c90ce30de3efdc6b9696afff1eb3c4223113adf739aee602bf8311f23ffe7c0815e0d4488682b3267ac206a4de53d0db3607d0f28ae47006e7593e7b232e54dd

    • SSDEEP

      12288:q08PKZVQQxfnr+TK7r79/J0NWNf37JcAayM5ahHjJ:t8AVQQxfnr+TK7r79/J0ofrJEyM5ahDJ

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks