General

  • Target

    cb0a5fdb343dca01c21291a4bb71fcc6

  • Size

    110KB

  • Sample

    240315-k9pjcseh24

  • MD5

    cb0a5fdb343dca01c21291a4bb71fcc6

  • SHA1

    81dd131126883ad2ad19854998860fe6c72d5894

  • SHA256

    00838dbd77a882db994d926715acd95382284fcc3bbbeea76e8e9fce930c9b30

  • SHA512

    afb17b50a9613f1d53ef92316724bf3040c88b3cf9b68a42f4c74876675f0309d4550ec9bd96b5f5611cc91033028445f0ff57a284c7af4afc1d68f37730b53b

  • SSDEEP

    3072:2U2bqGSyBeA/Cg676EWlrwoBAKWXmuYwbWLydWq5ee:2rbqGSyB1/P676Go6FGwbqydWLe

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
