Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia

  • Size

    3.0MB

  • Sample

    240512-a2tg8sgc61

  • MD5

    2ecbdd1a3b33b674f621ce440f9c18d3

  • SHA1

    a4dadc4d55107a47bd2bd97cd9c5eb3ae4ffb341

  • SHA256

    c5a78e1a26d1abe23e3fcf598b01f2c325fd285cf55b9b1456c74953e162ce2a

  • SHA512

    7ae731cda93c3f9e8f67e5276b64af2460f6658710c1faa6bc0a6523af3fb7a9bb1204e91090dc276d68a174fdfb83dc8522f496b7b8def14dee13b4b9fb940a

  • SSDEEP

    49152:CG+aQoPQFENp83s90AA+Z8+YU3OkuebX+cCPPIth/Tc1ICHouA6k51zCqqyZIJoO:tvmKNp83s90AA+ZAU3Oku6EPPIz/Tc1i

Score
10/10

Malware Config

Targets

    • Target

      2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia

    • Size

      3.0MB

    • MD5

      2ecbdd1a3b33b674f621ce440f9c18d3

    • SHA1

      a4dadc4d55107a47bd2bd97cd9c5eb3ae4ffb341

    • SHA256

      c5a78e1a26d1abe23e3fcf598b01f2c325fd285cf55b9b1456c74953e162ce2a

    • SHA512

      7ae731cda93c3f9e8f67e5276b64af2460f6658710c1faa6bc0a6523af3fb7a9bb1204e91090dc276d68a174fdfb83dc8522f496b7b8def14dee13b4b9fb940a

    • SSDEEP

      49152:CG+aQoPQFENp83s90AA+Z8+YU3OkuebX+cCPPIth/Tc1ICHouA6k51zCqqyZIJoO:tvmKNp83s90AA+ZAU3Oku6EPPIz/Tc1i

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Detects executables packed with VMProtect.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks