General

  • Target

    5f74df5871972c90f0404802c3cbc5ee.rar

  • Size

    287KB

  • Sample

    240106-l93lnaddhl

  • MD5

    5f74df5871972c90f0404802c3cbc5ee

  • SHA1

    d2401e9343a3acd37bb2b98d0afd11302cfb4891

  • SHA256

    963ed0909e317cbef3063bb417ecab92d3b95c4577409f1745cf5f81cffee318

  • SHA512

    e6f797dbf99332e8231ce1061f0bc63413facbc208939f362713871427c047b823ba9304435257c3a381b59d90cbd5021962236b4c44558b5580d4b3148e502d

  • SSDEEP

    6144:F2UJVwAc+kifLAwqNACzrGfLh1RmqifzwBvjH1c+qhFu:IUBEaLQhifKfzwnchFu

Malware Config

Targets

    • Target

      PCBoost.exe

    • Size

      291KB

    • MD5

      8e082840ba73601cf3500b473be9530a

    • SHA1

      cfaf2f80209bba131ce916610f224718dec4a4a1

    • SHA256

      f2a842bf291c54705a59e3a4c388310e692ec1608dbfc3c4921b709b2f45193f

    • SHA512

      16694c951e851533b6088be619f31208e989611c32f3d191c1bc1af6fb76c493874d1b382e56bf748e00210a21d63055c985decc71fff0f3a81adc09551cbe25

    • SSDEEP

      3072:Inj9jtfU+INndIc0JWo5vmu2bOsmu2bOns8AbphCFUARI0Fx5IlBANTQ9a+mrMnm:IjbeiHibVibws8AujIbAN89RmUhV5sCw

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      SScanner.dll

    • Size

      109KB

    • MD5

      674675acce75b610f66c7d5a6f2d8418

    • SHA1

      75f85a887dbfff5ad150a9d6f20c49addc04e923

    • SHA256

      1f3a30f4b7fe4e20bbdaa34690f4d9914d3bde2e4ec74ec8c59f06f822685082

    • SHA512

      317019ed9b021db127b5f5eeb1d13ddf3781205bda9675c516e6622765226372ea1ff61c56a4d8864d74cc7ea7487e41ef6803566c19f022f0a9c7084a4a5751

    • SSDEEP

      3072:HdnKdjuUEwZ543pE7WQ15hMDpELOzboLZGFxavftx8ng:9nKdjrEwZ543pEqq56e/Mavftxx

    • Score

      1/10

    • Target

      uninst.exe

    • Size

      83KB

    • MD5

      61bc2c358e49694b01cb4bbac372e137

    • SHA1

      5edea6110b3fe6fd22ef82469368c694513871d6

    • SHA256

      76b2b91979ed0a988ecf14e29a7970dfa20667c6b0ae59828009147638ad2bf5

    • SHA512

      b34a0d1c73803476aaa2a3206bcf1020a3f875031963c1560eb999e24b98363ee381b93e1914a17648b6696d8c219ff2f99ff919a4890d49fe5445ee414f1de1

    • SSDEEP

      1536:/Px/CJAmx2/W5Ebnto4tmJPYRN6QcIA4lvs1eP/w49g3XTsJLYKq:3x6UW6tpmJPqTP/wQg3XTsJsKq

    • Score

      7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks