Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d8a2d92eeedda7214767ae29df6fae9e8793f9207a26db3bd346af2d3d50cbca.exe

  • Size

    3.5MB

  • Sample

    240311-cvqh4sae3z

  • MD5

    1b386f1c6ccf7750b146172492951092

  • SHA1

    fa4ebd833978504374bbf60ce568b5937ee60ed7

  • SHA256

    d8a2d92eeedda7214767ae29df6fae9e8793f9207a26db3bd346af2d3d50cbca

  • SHA512

    0ea7a2560ba07013f37230a35695eacb72dbdfc85fbcacfda49a6cd71e10e2835f2670f70017f00942f329f86ae5a17433b8d4ea51a94ae9cbc983eed7cc356d

  • SSDEEP

    98304:g1tWjfqEY30GmmBJgTnOgXO3DxtRQUFwX:g1tWjyETaJgTnOgXIxtqQw

Malware Config

Targets

    • Target

      d8a2d92eeedda7214767ae29df6fae9e8793f9207a26db3bd346af2d3d50cbca.exe

    • Size

      3.5MB

    • MD5

      1b386f1c6ccf7750b146172492951092

    • SHA1

      fa4ebd833978504374bbf60ce568b5937ee60ed7

    • SHA256

      d8a2d92eeedda7214767ae29df6fae9e8793f9207a26db3bd346af2d3d50cbca

    • SHA512

      0ea7a2560ba07013f37230a35695eacb72dbdfc85fbcacfda49a6cd71e10e2835f2670f70017f00942f329f86ae5a17433b8d4ea51a94ae9cbc983eed7cc356d

    • SSDEEP

      98304:g1tWjfqEY30GmmBJgTnOgXO3DxtRQUFwX:g1tWjyETaJgTnOgXIxtqQw

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Detects executables packed with unregistered version of .NET Reactor

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks