Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cbc81630a275625ef4ec92b3d2aa9574

  • Size

    88KB

  • Sample

    240315-sz8hgsca5y

  • MD5

    cbc81630a275625ef4ec92b3d2aa9574

  • SHA1

    b5df2db238f653b49046f14d61993fd80559dee5

  • SHA256

    cf2048468a1d6681fa7fdcc8b743dac9de44e3a76f48fa24e45b27e518038a52

  • SHA512

    1e3f7a095aaa623ef51e5cdd9a821c792fe63c78bcc94dd908505af5741b819076edb0683759c1f1f81ff8b8829f8674c030462d274ad45fc654a1d9d5d61a4a

  • SSDEEP

    1536:cx5U/NStfwj+mjgC2ycQ/0V2TmCCGqgCenBtgFiGFKq:cfENqwGC2y2kT+Gw4dnq

Malware Config

Targets

    • Target

      cbc81630a275625ef4ec92b3d2aa9574

    • Size

      88KB

    • MD5

      cbc81630a275625ef4ec92b3d2aa9574

    • SHA1

      b5df2db238f653b49046f14d61993fd80559dee5

    • SHA256

      cf2048468a1d6681fa7fdcc8b743dac9de44e3a76f48fa24e45b27e518038a52

    • SHA512

      1e3f7a095aaa623ef51e5cdd9a821c792fe63c78bcc94dd908505af5741b819076edb0683759c1f1f81ff8b8829f8674c030462d274ad45fc654a1d9d5d61a4a

    • SSDEEP

      1536:cx5U/NStfwj+mjgC2ycQ/0V2TmCCGqgCenBtgFiGFKq:cfENqwGC2y2kT+Gw4dnq

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks