General
-
Target
2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia
-
Size
3.0MB
-
Sample
240512-a2tg8sgc61
-
MD5
2ecbdd1a3b33b674f621ce440f9c18d3
-
SHA1
a4dadc4d55107a47bd2bd97cd9c5eb3ae4ffb341
-
SHA256
c5a78e1a26d1abe23e3fcf598b01f2c325fd285cf55b9b1456c74953e162ce2a
-
SHA512
7ae731cda93c3f9e8f67e5276b64af2460f6658710c1faa6bc0a6523af3fb7a9bb1204e91090dc276d68a174fdfb83dc8522f496b7b8def14dee13b4b9fb940a
-
SSDEEP
49152:CG+aQoPQFENp83s90AA+Z8+YU3OkuebX+cCPPIth/Tc1ICHouA6k51zCqqyZIJoO:tvmKNp83s90AA+ZAU3Oku6EPPIz/Tc1i
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia
-
Gh0st RAT payload
-
Detects executables packed with VMProtect.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-