General

  • Target

    093b2510297a5099f8558215c1e860bdc4c9e61f5145ced2f30ecf8a91b35975

  • Size

    1.1MB

  • Sample

    240528-xdarjsgg59

  • MD5

    dfcc258ed7c2c1d0ddbda108b78a1f16

  • SHA1

    4bb1e2d0f5452c8d8d682158bea2cacfd8d80427

  • SHA256

    093b2510297a5099f8558215c1e860bdc4c9e61f5145ced2f30ecf8a91b35975

  • SHA512

    e330e676e803134451e956c9df4c23bee97a26334b5586370084d0909da1595102fdae408819efbc03aaf9f4ab351a208c81721ecd67daf7b0123dfe5068478b

  • SSDEEP

    24576:NEdksIGN71VVbzYEL+5dNmZG8RRl9T7t/Bi:NEywVVvUji3TJBi

Targets

    • Target

      093b2510297a5099f8558215c1e860bdc4c9e61f5145ced2f30ecf8a91b35975

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
