Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cae49b754cd4f40f428eaa78ceeef195.exe
-
Size
5.1MB
-
Sample
240106-k56l3sccfp
-
MD5
cae49b754cd4f40f428eaa78ceeef195
-
SHA1
c83006a616cef6e50254598ba869f8c1fef03d28
-
SHA256
493807123c2e449d0dcfdbd3443d083aef30a6aaea42381290572bab06090c0b
-
SHA512
40465396da861b69140139a493c21e8be32a7b5b03631381bbb3a04ea681c4d374a0046a82feda160a3414930af8f8bf460ce43d1a8559be93e6aec2bc315f52
-
SSDEEP
98304:Ab+ge5mSVzQzRNWDs4vCS7W5IeouyUKylP1uniL8OspPYB:AbG5dV0dNWI6CS7xnuyUCiL5spPk
Malware Config
Targets
-
-
Target
cae49b754cd4f40f428eaa78ceeef195.exe
-
Size
5.1MB
-
MD5
cae49b754cd4f40f428eaa78ceeef195
-
SHA1
c83006a616cef6e50254598ba869f8c1fef03d28
-
SHA256
493807123c2e449d0dcfdbd3443d083aef30a6aaea42381290572bab06090c0b
-
SHA512
40465396da861b69140139a493c21e8be32a7b5b03631381bbb3a04ea681c4d374a0046a82feda160a3414930af8f8bf460ce43d1a8559be93e6aec2bc315f52
-
SSDEEP
98304:Ab+ge5mSVzQzRNWDs4vCS7W5IeouyUKylP1uniL8OspPYB:AbG5dV0dNWI6CS7xnuyUCiL5spPk
Score10/10-
Detect ZGRat V1
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-