Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    240125-yrh6hsfbhm

  • MD5

    dade3d1f204511b49e65d585685a8b1f

  • SHA1

    a9fd8b917236353283aa812b225c3c161f82addd

  • SHA256

    3673fd28dc25cb26f8dad4aba5a280797cc5879e62bb064fa7d3e2bfb48b603b

  • SHA512

    3e1ca769a2e342608fb4c0d4c730bbaa58be08ae197c8a460fdd0b14e5540b17d5bde325fc746b161cd89c960655a830a68c368d3a0cc88fa8b24ce17f23778c

  • SSDEEP

    49152:jhm8pZbD1re5B1E8+/FB6UnBkBa1bpAm:VxDGl2Mdc1NAm

Score
10/10
zgratpersistencerat

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.0MB

    • MD5

      dade3d1f204511b49e65d585685a8b1f

    • SHA1

      a9fd8b917236353283aa812b225c3c161f82addd

    • SHA256

      3673fd28dc25cb26f8dad4aba5a280797cc5879e62bb064fa7d3e2bfb48b603b

    • SHA512

      3e1ca769a2e342608fb4c0d4c730bbaa58be08ae197c8a460fdd0b14e5540b17d5bde325fc746b161cd89c960655a830a68c368d3a0cc88fa8b24ce17f23778c

    • SSDEEP

      49152:jhm8pZbD1re5B1E8+/FB6UnBkBa1bpAm:VxDGl2Mdc1NAm

    Score
    10/10
    zgratpersistencerat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks