General

  • Target

    1e66433493d9aad550a2febe2433bd117129e968b055841c7ae1997369ac0511.exe

  • Size

    694KB

  • Sample

    240307-ckxvfaeb61

  • MD5

    9bae6d3afb22e8f8c8aba60f652d55ec

  • SHA1

    9d909c53191dad75c84c75067594bd470cf34dac

  • SHA256

    1e66433493d9aad550a2febe2433bd117129e968b055841c7ae1997369ac0511

  • SHA512

    c664c37247e6a5209581a6be63ced107d98937ba119ca6a2dec2bda9cfb48dea751083f0c4e86026fc9d05c2b5cb76a68375c90095d0491152b695678bccc992

  • SSDEEP

    12288:tsQ4ZUXCJVkKs1Xx83mSsFhtFrnQbWWODTDBAYL/u5cvprvhrmYTl39521aV:todVknRxQBsFrFrnjtDT1AYL/Gkprvh3

Score
10/10

Malware Config

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detects executables packed with an unregistered version of .NET Reactor

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks