General

  • Target

    fb40acdca9c484f7d43b5e2c7ac8e2fcb129fd90fc5d1f549f84f3d283e43533.exe

  • Size

    1.9MB

  • Sample

    240313-ddf4sada85

  • MD5

    541a9d3031657ebc794dc43a70511384

  • SHA1

    1c18826b93532c58a2a20ac1061e4309e7441867

  • SHA256

    fb40acdca9c484f7d43b5e2c7ac8e2fcb129fd90fc5d1f549f84f3d283e43533

  • SHA512

    fd3df8395904bad5ab23ebc1ac21febac8a55ebfe390039cba6b35d47c41963e91cc17f6c2144b024dc1d100528beec5ab6ee337b8181fb7c6630c6fef5e3c22

  • SSDEEP

    24576:s7USn+9Co5+54pIbtNSPouMVMOU93aBOR/UCtN0FSrSOdJw1EgfqBhR5OMqj6oxq:8qIZuMCso1U6Tda1lAeMsynjCM5x6

Targets

    • Target

      fb40acdca9c484f7d43b5e2c7ac8e2fcb129fd90fc5d1f549f84f3d283e43533.exe

    • Detect ZGRat V1

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detects executables packed with unregistered version of .NET Reactor

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
