General

  • Target

    3ca19ffd709a009ce797a5c3eb20079277e1d4c51e27cb7795b8adb82e3def52

  • Size

    406KB

  • Sample

    240425-e1lhfsfd4s

  • MD5

    2edc987ac839461950867bd2fd0e8895

  • SHA1

    18aaf4861dfaa61de13eed31004ff92fa5d7e065

  • SHA256

    3ca19ffd709a009ce797a5c3eb20079277e1d4c51e27cb7795b8adb82e3def52

  • SHA512

    63dbf325d932e507916b48b90eb4a5c6ece04b4f5dc597b8c2176b6123b5f29ca37ce2f70b2e3a73d2826865391725bc081682e5154f706f9f0eb7b75e17bebe

  • SSDEEP

    6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKrS:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKrS

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks