General

  • Target

    b2b416d08c3391ce0842d998e0d5f273.exe

  • Size

    1.3MB

  • Sample

    240202-efffpsfebl

  • MD5

    b2b416d08c3391ce0842d998e0d5f273

  • SHA1

    b384e63d2d57c5c744d1da4e5e92faad09228ab1

  • SHA256

    54471e79557fcf3f12279ab32be68aee2ca1cfd68e29134d0b34caf6975c3254

  • SHA512

    42ecf9093b0182388b57e40ff2581ede8a3e9cd487315d02886e19aeb168005016c6178e966cae4a9358b056927947b65a46bf77de432b73d7fce237abb996b9

  • SSDEEP

    24576:eziaTTDWECSiUgQCl+V1KPOiLs1yYeunFqjTZfyt2V1zdPY0UavdQ1+fXmc1:UiUvCSH1r2s1NRqHZKt2V1zdPYVaNv5

Score
10/10

Malware Config

Targets

    • Detect ZGRat V1

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks