
General

  • Target: cae49b754cd4f40f428eaa78ceeef195.exe
  • Size: 5.1MB
  • Sample: 240106-k56l3sccfp
  • MD5: cae49b754cd4f40f428eaa78ceeef195
  • SHA1: c83006a616cef6e50254598ba869f8c1fef03d28
  • SHA256: 493807123c2e449d0dcfdbd3443d083aef30a6aaea42381290572bab06090c0b
  • SHA512: 40465396da861b69140139a493c21e8be32a7b5b03631381bbb3a04ea681c4d374a0046a82feda160a3414930af8f8bf460ce43d1a8559be93e6aec2bc315f52
  • SSDEEP: 98304:Ab+ge5mSVzQzRNWDs4vCS7W5IeouyUKylP1uniL8OspPYB:AbG5dV0dNWI6CS7xnuyUCiL5spPk

Malware Config

Targets


    • Detect ZGRat V1
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • ZGRat: ZGRat is a remote access trojan written in C#.
    • .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
    • Drops startup file
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks