General

  • Target

    3b9a2493a8c1ab1d035392cd58d5b1a46350283cb0e7607b6682e6891212344b

  • Size

    220KB

  • Sample

    240504-2bq3zage37

  • MD5

    92fa12fb096542d9240623d6e53626a6

  • SHA1

    8c47c486776222ca90128218767f225b1a2b4bec

  • SHA256

    3b9a2493a8c1ab1d035392cd58d5b1a46350283cb0e7607b6682e6891212344b

  • SHA512

    58565210a904e7674a88e71eb58a7aeeba7813d2e1193764c9471651887107fbcaa35a8755e95120272a6e950fdd7ac24651c4d2b6c5e4a3643c6737f5c6eacc

  • SSDEEP

    3072:c+HDVTtkdiAojheSc5ch491vxqHMkumn0lBE4vvaPc5nm7gynXVpXnRzv8Ri7:jHR8iAoNbc5+4z4z45nGgyXVb

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Detects executables embedding registry key / value combination manipulating RDP / Terminal Services

    • Adds Run key to start application

    • Drops file in System32 directory
