Resubmissions

The same file was analysed eight times between 10 and 17 April 2024. Each line gives the submission time, the tria.ge analysis ID and the score (10/10 on every run):

  17/04/2024, 14:54 UTC   240417-r96wzada86   10/10
  17/04/2024, 14:54 UTC   240417-r95znsee4v   10/10
  17/04/2024, 14:54 UTC   240417-r943dada82   10/10
  17/04/2024, 14:54 UTC   240417-r9353sda77   10/10
  17/04/2024, 14:54 UTC   240417-r93jjsee3x   10/10
  15/04/2024, 13:19 UTC   240415-qkln3afc75   10/10
  10/04/2024, 12:02 UTC   240410-n7v5xaeh49   10/10
  10/04/2024, 12:02 UTC   240410-n7vjdaaa8t   10/10

General

  • Target: 75bff99becc32bcbe56efbe7a75f4d45
  • Size: 7.0MB
  • Sample: 240415-qkln3afc75
  • MD5: 75bff99becc32bcbe56efbe7a75f4d45
  • SHA1: 81bfcc77809161a5254a27d3d4d30548c96fcd5b
  • SHA256: 8c05da461e90984671ffd87f0e4e28e057cca4d32a0569764dcdcce2d545fac2
  • SHA512: 940af628585713a16e685eb5251c0b954bc014460cd4ca33226df2ef260f32af56223eaf1c341862fdf1669c6bafb6e7d9c5efbeb5e437ce5e2fd9905beece69
  • SSDEEP: 49152:uW/1GYdVTXN3r3+LXDIDAKpvuh3jwLN6/VNUKIdI9OiKuDbD2yvAkdm5wrgWX+5z:hXkZL/p

Malware Config

Extracted

  • Family: bitrat
  • Version: 1.38
  • C2: obqdy2u226qjiavs42z4z6zgcf6tefsoxaqzjvohmoy7kafdwgqgjkqd.onion:80
    (a 56-character Tor v3 onion service address, hidden-service port 80; the implant therefore needs a Tor client or embedded Tor code to reach its controller, and the C2 traffic does not appear as a plain DNS lookup or direct connection to a routable IP)
  • Attributes
    • communication_password: d93b4f1ee6f5b875a4f7fcef966bd09a
    • tor_process: WinSock
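The C2 above is the IOC most worth carrying into hunting and correlation, and a 56-character base32 string is easy to mis-extract from a strings dump or log. The following Python is an added example, not code from this page, from tria.ge or from the BitRAT authors: it implements the v3 onion address layout from Tor's rend-spec-v3 (32-byte ed25519 public key, 2-byte checksum = SHA3-256(".onion checksum" || key || version)[:2], version byte 3) so that candidate addresses can be validated rather than merely pattern-matched, and runs it over a constructed strings-dump excerpt that contains the report's C2 next to a lookalike. The dump text, the lookalike and the self-test key are constructed here.

```python
import base64
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# The C2 from the extracted BitRAT config on this page.
REPORT_C2 = "obqdy2u226qjiavs42z4z6zgcf6tefsoxaqzjvohmoy7kafdwgqgjkqd.onion:80"

# v3 onion addresses are exactly 56 base32 characters followed by ".onion".
ONION_V3_RE = re.compile(r"\b[a-z2-7]{56}\.onion\b", re.IGNORECASE)


def onion_v3_checksum(pubkey: bytes, version: int = 3) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2] (Tor rend-spec-v3)."""
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()
    return digest[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte ed25519 public key (used here to self-test the validator)."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion public key must be 32 bytes")
    raw = pubkey + onion_v3_checksum(pubkey) + b"\x03"
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


@dataclass
class OnionCheck:
    address: str
    well_formed: bool          # 56 base32 chars + ".onion"
    version: Optional[int]     # trailing version byte, 3 for current addresses
    checksum_ok: bool          # embedded 2-byte checksum matches the key


def check_onion_v3(address: str) -> OnionCheck:
    """Decode a candidate address and verify length, alphabet, version byte and checksum."""
    host = address.lower().split(":", 1)[0]  # drop an optional ":port"
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if not re.fullmatch(r"[a-z2-7]{56}", host):
        return OnionCheck(address, False, None, False)
    raw = base64.b32decode(host.upper())  # 56 chars * 5 bits = 35 bytes, no padding needed
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    return OnionCheck(address, True, version, checksum == onion_v3_checksum(pubkey, version))


def is_valid_v3(address: str) -> bool:
    """True only when the string is well formed, carries version 3 and its checksum verifies."""
    result = check_onion_v3(address)
    return result.well_formed and result.version == 3 and result.checksum_ok


def extract_onion_c2(text: str) -> List[OnionCheck]:
    """Pull every v3-looking onion host out of a strings dump, log or pcap text and validate each."""
    return [check_onion_v3(m.group(0)) for m in ONION_V3_RE.finditer(text)]


# Constructed strings-dump excerpt: the report's C2 plus a 56-char run of "a" that only looks like one.
SAMPLE_STRINGS = "connect " + REPORT_C2 + "\njunk " + "a" * 56 + ".onion\n"

if __name__ == "__main__":
    for result in extract_onion_c2(SAMPLE_STRINGS):
        print(result, "valid v3:", is_valid_v3(result.address))
```

check_onion_v3 reports the structural result, the version byte and the checksum separately, so a malformed string, a non-v3 version byte and a corrupted checksum can be told apart when an extractor produces garbage. The report's C2 decodes with version byte 3; the all-"a" lookalike decodes with version byte 0 and is rejected.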

Targets

  • Target: 75bff99becc32bcbe56efbe7a75f4d45 (7.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)

  Signatures triggered by this target:

  • BitRAT
    BitRAT is a remote access tool written in C++ that reuses leaked source code from other families.
  • Detect ZGRat V1
  • Modifies WinLogon for persistence
  • ZGRat
    ZGRat is a remote access trojan written in C#.
  • ACProtect 1.3x - 1.4x DLL software
    Detects a file protected with the ACProtect packer.
  • Checks computer location settings
    Looks up the country code configured in the registry, likely for geofencing.
  • Executes dropped EXE
  • Loads dropped DLL
  • UPX packed file
    Detects executables packed with UPX or a modified build of that open source packer.
  • Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP address.
  • Suspicious use of NtSetInformationThreadHideFromDebugger
    Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from reporting debug events to an attached debugger, a common anti-debugging technique.
  • Suspicious use of SetThreadContext
    Rewriting another thread's register context is commonly seen in process injection, for example process hollowing.
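Of the signatures above, "Modifies WinLogon for persistence" is the one a responder checks first on a suspect host, because the Winlogon Shell and Userinit values launch every program they list at each interactive logon. The page does not say which Winlogon value this sample changes, and the following Python is an added example rather than tria.ge's signature logic or anything taken from the sample: it parses a `reg export`-style .reg text and reports every Shell or Userinit entry that is not in the stock default set. The .reg excerpt, the appended loader path and the default table are constructed assumptions (a real export from `reg export` is UTF-16LE with a BOM, so decode it before passing the text in).

```python
import re
from typing import Dict, List

# Assumed defaults for a stock 64-bit Windows install. Third-party shells or VDI agents can
# legitimately differ, so treat extra entries as leads to verify, not as verdicts.
WINLOGON_DEFAULTS: Dict[str, List[str]] = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"C:\Windows\system32\userinit.exe"],
}
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

REG_KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\Path]
REG_STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')     # "Name"="string value"


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the string values of a .reg export into {key path: {value name: value}}.

    Only REG_SZ entries are kept; dword/hex entries are skipped. Backslashes and quotes are
    doubled/escaped in .reg files, so each escaped character is unescaped.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key_match = REG_KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, {})
            continue
        value_match = REG_STR_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = re.sub(r"\\(.)", r"\1", value_match.group(2))
    return keys


def split_winlogon_value(value: str) -> List[str]:
    """Shell and Userinit are comma-separated lists; Winlogon launches every entry in turn."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def winlogon_extra_entries(values: Dict[str, str]) -> Dict[str, List[str]]:
    """Return, per value name, the entries that are not in the known-good set (empty = clean)."""
    findings: Dict[str, List[str]] = {}
    for name, known_good in WINLOGON_DEFAULTS.items():
        if name not in values:
            continue
        allowed = {entry.lower() for entry in known_good}
        extra = [e for e in split_winlogon_value(values[name]) if e.lower() not in allowed]
        if extra:
            findings[name] = extra
    return findings


def audit_reg_export(text: str) -> Dict[str, List[str]]:
    """Parse an export and audit the HKLM Winlogon key; raises if the key is not in the export."""
    for key, values in parse_reg_export(text).items():
        if key.lower() == WINLOGON_KEY.lower():
            return winlogon_extra_entries(values)
    raise ValueError("Winlogon key not present in export")


# Constructed export: Userinit is stock (the trailing comma is normal), Shell has an appended loader.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\Libraries\\update.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"AutoRestartShell"=dword:00000001
'''

if __name__ == "__main__":
    print(audit_reg_export(SAMPLE_REG))
```

Comparison is case-insensitive because the registry is, and the trailing comma that Windows itself leaves on Userinit is dropped before comparison so it does not produce a false finding. A Shell or Userinit value under the per-user Winlogon key (HKEY_CURRENT_USER) can be audited with the same winlogon_extra_entries call on that key's values.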

MITRE ATT&CK Enterprise v15

Tasks
