Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
257b1130666e0dfb13e326ed6c390816b0d891093e3817f1d994cf5b42a5b0ab
-
Size
2.4MB
-
Sample
240327-wv7l6shf86
-
MD5
12401422f17474568a97ad7cf387d7d2
-
SHA1
9f815c5dbe67e1ab23e5cc2bfd10031af8615961
-
SHA256
257b1130666e0dfb13e326ed6c390816b0d891093e3817f1d994cf5b42a5b0ab
-
SHA512
7e0c61820ce6314b6cdf9ab188fbbf87595619489d00a53a4928f5172462b0b4a09aaf794056e7c52955f9bf65cdb4fca11b096a8646534cae5995b6165fdd95
-
SSDEEP
49152:J5OWSx+u+yOBa6mKcsdonzjcmp207yWNAJHmIcm1zCDts883iah6oasKx4e:zOnGaqdozjcmQHWNYmIcm1zC83ia0x
Malware Config
Targets
-
-
Target
257b1130666e0dfb13e326ed6c390816b0d891093e3817f1d994cf5b42a5b0ab
-
Size
2.4MB
-
MD5
12401422f17474568a97ad7cf387d7d2
-
SHA1
9f815c5dbe67e1ab23e5cc2bfd10031af8615961
-
SHA256
257b1130666e0dfb13e326ed6c390816b0d891093e3817f1d994cf5b42a5b0ab
-
SHA512
7e0c61820ce6314b6cdf9ab188fbbf87595619489d00a53a4928f5172462b0b4a09aaf794056e7c52955f9bf65cdb4fca11b096a8646534cae5995b6165fdd95
-
SSDEEP
49152:J5OWSx+u+yOBa6mKcsdonzjcmp207yWNAJHmIcm1zCDts883iah6oasKx4e:zOnGaqdozjcmQHWNYmIcm1zC83ia0x
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-