Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d50124fb9b...22.exe

windows7-x64

10

d50124fb9b...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d50124fb9b63888e37d8325c77467122.exe

  • Size

    348KB

  • Sample

    240103-s3lswsacf4

  • MD5

    d50124fb9b63888e37d8325c77467122

  • SHA1

    f7af8a37cd43f6caeb87dd817fff00b189f33c23

  • SHA256

    15c05795419e2b32d14f88c34a58698671f39d95a4fa52c82c4d9b754dce1c46

  • SHA512

    6a503a4a322f7ac606bdb3b66540145ec3b32a8fd00af495bad8e2a08c193141590a9e7cb4ee3f8fe1dab78958af3fb4b8eff863eb3af436bf053e8e55a9740e

  • SSDEEP

    6144:MJueTkwOwoWOQ3dwaWB28edeP/deUv80P80Ap8UGwoTGHZOWJkqd0K4rG7eVT0SO:ouLwoZQGpnedeP/deUe1ppGjTGHZRT06

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      d50124fb9b63888e37d8325c77467122.exe

    • Size

      348KB

    • MD5

      d50124fb9b63888e37d8325c77467122

    • SHA1

      f7af8a37cd43f6caeb87dd817fff00b189f33c23

    • SHA256

      15c05795419e2b32d14f88c34a58698671f39d95a4fa52c82c4d9b754dce1c46

    • SHA512

      6a503a4a322f7ac606bdb3b66540145ec3b32a8fd00af495bad8e2a08c193141590a9e7cb4ee3f8fe1dab78958af3fb4b8eff863eb3af436bf053e8e55a9740e

    • SSDEEP

      6144:MJueTkwOwoWOQ3dwaWB28edeP/deUv80P80Ap8UGwoTGHZOWJkqd0K4rG7eVT0SO:ouLwoZQGpnedeP/deUe1ppGjTGHZRT06

    Score
    10/10
    gh0stratratpersistence

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Modifies Installed Components in the registry

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks