Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    19ed1f40bdd3b351e075af39d3ffa0ae

  • Size

    902KB

  • Sample

    231230-qn4ztabad6

  • MD5

    19ed1f40bdd3b351e075af39d3ffa0ae

  • SHA1

    6d20d83656bd4178581dd10df43596ad5f78279b

  • SHA256

    36a91eb16f6e147110311584e6d3b39c0e5c4f791c42e46c6175af674c65e9de

  • SHA512

    9701ca221669e3f23236e9c5be2caf28bd73470e9474e088f26c6383ec12141d1756e33532f8c9705a62109a2306a8cdfa1e60225fb4c5ff4fdee1b37432ae9a

  • SSDEEP

    12288:jt0VPFfsKAkrbPlXhHANUTNqmkupHANUTe:SFksb1Amkuu

Malware Config

Targets

    • Target

      19ed1f40bdd3b351e075af39d3ffa0ae

    • Size

      902KB

    • MD5

      19ed1f40bdd3b351e075af39d3ffa0ae

    • SHA1

      6d20d83656bd4178581dd10df43596ad5f78279b

    • SHA256

      36a91eb16f6e147110311584e6d3b39c0e5c4f791c42e46c6175af674c65e9de

    • SHA512

      9701ca221669e3f23236e9c5be2caf28bd73470e9474e088f26c6383ec12141d1756e33532f8c9705a62109a2306a8cdfa1e60225fb4c5ff4fdee1b37432ae9a

    • SSDEEP

      12288:jt0VPFfsKAkrbPlXhHANUTNqmkupHANUTe:SFksb1Amkuu

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks