General

  • Target

    df1ecb1fc2d0480ef5a0e569543d14e9.bin

  • Size

    287KB

  • Sample

    240424-cescrseb32

  • MD5

    533e8220f03e14216f7383deea09df9b

  • SHA1

    b44f5c4b8a7638e310297a6c6ca4a74eb2180b76

  • SHA256

    e9706e774af162b86adb35a68d6b2118c91324661ccc1d3763287f37f18baf95

  • SHA512

    12f88fbaaf0e610ca666b615622257a33ffda987a515c5a96b0ed62e492933b2164050200dacdde60ab71a537060520b4d99d4f5741b488d8f3153febad4ee2b

  • SSDEEP

    6144:qJ5wIfmUH5lPDCrn+qtDNVIMv23bMBSJQEa7yAAmIaNzetPJQdWFibu1h:w5wIfmUZIiqpIMOY7lLBeItCP

Malware Config

Targets

    • Target

      136aff853514ca7aba662cc26bc54cfb92d58e6477752ce3a8948ff9f1117499.exe

    • Size

      414KB

    • MD5

      df1ecb1fc2d0480ef5a0e569543d14e9

    • SHA1

      8c90b5a6caab28b852cde352011752cb2761fdf9

    • SHA256

      136aff853514ca7aba662cc26bc54cfb92d58e6477752ce3a8948ff9f1117499

    • SHA512

      4e8af41bdd90a6a2f2008be558041678608761703bbbd4f08a55ff1305464319bb96cbd53071c71f83a73ee6d1189a3a3aa3c91e69c3aae9626e3e209671aad4

    • SSDEEP

      6144:GaNowv7MR+dM+A4K3Kc8Y2Yem0IuONlLfiFtDgjTUGU6J54:GaNPv7Q+72K4eYrlLQDg0xo4

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks