General

  • Target

    7287f5af085392271fcb8734131b1e21650a7e4aab3726db38dcf0029e0c049e

  • Size

    397KB

  • Sample

    240425-ybvvdadh3y

  • MD5

    e4fda661b7911d752ca0060483e30ce6

  • SHA1

    657634f4b66e662b98f301e3ce68e721edb9d80e

  • SHA256

    7287f5af085392271fcb8734131b1e21650a7e4aab3726db38dcf0029e0c049e

  • SHA512

    7fe7cd136b3d10669831c322f80651678bc6552b7f0dede265a41b095f35d4314ddd460ee7d86cb54d8a84f34eee285fa99a4029e6e52d4227726af75d45e547

  • SSDEEP

    6144:446BCHI5Wdd6OcSXBVBQrUHwGuJWOb+VOpMfwuUodf:b6BwzmOcWBVurURuJWEMYPMf

Malware Config

Targets

    • Target

      7287f5af085392271fcb8734131b1e21650a7e4aab3726db38dcf0029e0c049e

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks