General

  • Target

    cbc81630a275625ef4ec92b3d2aa9574

  • Size

    88KB

  • Sample

    240315-sz8hgsca5y

  • MD5

    cbc81630a275625ef4ec92b3d2aa9574

  • SHA1

    b5df2db238f653b49046f14d61993fd80559dee5

  • SHA256

    cf2048468a1d6681fa7fdcc8b743dac9de44e3a76f48fa24e45b27e518038a52

  • SHA512

    1e3f7a095aaa623ef51e5cdd9a821c792fe63c78bcc94dd908505af5741b819076edb0683759c1f1f81ff8b8829f8674c030462d274ad45fc654a1d9d5d61a4a

  • SSDEEP

    1536:cx5U/NStfwj+mjgC2ycQ/0V2TmCCGqgCenBtgFiGFKq:cfENqwGC2y2kT+Gw4dnq

Targets

    • Target

      cbc81630a275625ef4ec92b3d2aa9574

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
