General

  • Target

    6a7dbf9cf7f21fd9e36a8f946a9ba32b.bin

  • Size

    288KB

  • Sample

    240314-cv59kagc7y

  • MD5

    bdc974737746a82c8c2652e2d6ecde07

  • SHA1

    02749ca36a732533a495f4873b6ba1480379e85f

  • SHA256

    820c231151b0324c238986c64cc2f190e7d9867e95a88f860133b92cbc2a7867

  • SHA512

    64619a488094b39094d604606e069ce03d503f905619fbd305f5842392c75d692f39ff309df57a19e289441af67ed072a364b32685a029e43e42edd7e4143907

  • SSDEEP

    6144:AVWbKKOkFUGEvZCVi882ItJ2yCQ2euEA5wD7XxxqoEMy:88rOcU1ol0cyd5EwD7xLEMy

Targets

    • Target

      be5e172e023a252269fcfff738377c0ee3de397bee7d44c21d002457ad2ce510.exe

    • Size

      572KB

    • MD5

      6a7dbf9cf7f21fd9e36a8f946a9ba32b

    • SHA1

      08b2d505241bffdf824a9058806ad207cebd6b08

    • SHA256

      be5e172e023a252269fcfff738377c0ee3de397bee7d44c21d002457ad2ce510

    • SHA512

      d167a4596843a7c08e3ea155b2930942dcc4cca1400274578ca6315917264de8e64b0f7412813236d7ff5ab1277f06d64951da3cbaae1b9e58c6618831d138b9

    • SSDEEP

      12288:nruM9FNatyT3gNCpOdn/uVcZNJ7QD7HZ5rbx:q+atynpOd/HzJO7HX

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Drops file in System32 directory
