General

  • Target

    SRTWARE LOADER V2.zip

  • Size

    908KB

  • Sample

    240224-jebtcaeb5x

  • MD5

    1ffd3a69bd5820e9ab192b595714b997

  • SHA1

    24a4a07544a8720112695f284f571e8cb9e0e118

  • SHA256

    96996e79693217c967f9a62a997a53137b4b712c9419b7c6cdff2ee8851d7a4a

  • SHA512

    5d0a862672259e4e97cf381f7d89f452fe5b155110685ed7ae9af402f2608aeabe81957d0e13a7f7584398d0dbc8acc4c472a973f8d651ed73d128cbdcc5c151

  • SSDEEP

    24576:WYR7aOu4WokDYN/rqO/mmakEnjwiK/3npzwslGrcm4IU:XVaV4Jk0NTqERKnRK/Zzw6Gr8t

Malware Config

Targets

    • Target

      SRTWARE LOADER/Loader.exe

    • Size

      18KB

    • MD5

      de864db51c37274b514bf755e32dbbaf

    • SHA1

      1c61b7eee7e0251551208b70dd76a8e3c67f14c6

    • SHA256

      1a2e8e921618fb0fd4507fc6b56ed172318812116d99bc551ec4e9e416282393

    • SHA512

      bdb9913fe990a964040567a9752107921e28668bd78c5e59900ea05d007c6b2a1b4acd8ce69f53abf9ae4e15b7b2eeba72205db25ed81be1f6b38c789807f902

    • SSDEEP

      384:N9fBKvt6ozbwRMGk79jle1eOLQLw36gSrOT9HcZZn0:NRBKvt6V/k7SkqQn5pL0

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Creates new service(s)

    • Downloads MZ/PE file

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks