Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    58d6de2c467933f405ae2fc1d8e36a3b

  • Size

    361KB

  • Sample

    240113-nwnlpaheep

  • MD5

    58d6de2c467933f405ae2fc1d8e36a3b

  • SHA1

    9ef527fde74c857c4339b1e7d5dc1aa61ba79933

  • SHA256

    9bd198d3ef90bcb68ffad354bdd40fc4b624b557702e73715ef677bb38f75a2c

  • SHA512

    4aff3004affcd5c3a1d5938bcbf98d5bbc5a2b1349e59e98a6af5811b97fa82c1e706ff62e76f58ed006b8bc9cb1f57239d7f98bf1cebcde3032b55aadef1a67

  • SSDEEP

    6144:TGzRxSVtp0l6whGfsKR+zkBpTaa5tJHeZ:St0VPFfsKAkrbPleZ

Malware Config

Targets

    • Target

      58d6de2c467933f405ae2fc1d8e36a3b

    • Size

      361KB

    • MD5

      58d6de2c467933f405ae2fc1d8e36a3b

    • SHA1

      9ef527fde74c857c4339b1e7d5dc1aa61ba79933

    • SHA256

      9bd198d3ef90bcb68ffad354bdd40fc4b624b557702e73715ef677bb38f75a2c

    • SHA512

      4aff3004affcd5c3a1d5938bcbf98d5bbc5a2b1349e59e98a6af5811b97fa82c1e706ff62e76f58ed006b8bc9cb1f57239d7f98bf1cebcde3032b55aadef1a67

    • SSDEEP

      6144:TGzRxSVtp0l6whGfsKR+zkBpTaa5tJHeZ:St0VPFfsKAkrbPleZ

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks