General

  • Target: 6e7769e568d74e614b7db671d0dde4fda876c191826d534bebefc59c6f681a1a
  • Size: 415KB
  • Sample: 240422-ykj48sfe3s
  • MD5: e5275f8122aab0d7a885a8061a48d4be
  • SHA1: ef0bd3810a033fe75c4037277aa6d5d6f1f1b50b
  • SHA256: 6e7769e568d74e614b7db671d0dde4fda876c191826d534bebefc59c6f681a1a
  • SHA512: da3ec68b20d7c041e1822392772f9b503d8e45de9f9f22d4a97fb9af31c70e069bb333f2edfd6fb7b7561584c4d7c550fa2cc8271211e13be26fd2cace3dbad3
  • SSDEEP: 6144:VaNECqw6PzNoNBIoZDDf/id53ndJaFxLVZ54gVKsIJ56:VaNd67Ovh+itSLsO6

Malware Config

Targets

    • Target: 6e7769e568d74e614b7db671d0dde4fda876c191826d534bebefc59c6f681a1a
    • Size: 415KB
    • MD5: e5275f8122aab0d7a885a8061a48d4be
    • SHA1: ef0bd3810a033fe75c4037277aa6d5d6f1f1b50b
    • SHA256: 6e7769e568d74e614b7db671d0dde4fda876c191826d534bebefc59c6f681a1a
    • SHA512: da3ec68b20d7c041e1822392772f9b503d8e45de9f9f22d4a97fb9af31c70e069bb333f2edfd6fb7b7561584c4d7c550fa2cc8271211e13be26fd2cace3dbad3
    • SSDEEP: 6144:VaNECqw6PzNoNBIoZDDf/id53ndJaFxLVZ54gVKsIJ56:VaNd67Ovh+itSLsO6

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks