General
-
Target
2024-05-31_e64788f0d667518e0b27276423f2a2e5_mafia
-
Size
2.1MB
-
Sample
240531-bqdhbahf61
-
MD5
e64788f0d667518e0b27276423f2a2e5
-
SHA1
d739eada2d559bdb554315239d25846ca3d0879b
-
SHA256
afe8e62b78bc072341f2e19dc8e31d36dbdc66f6057f162e3aeb12884b446323
-
SHA512
4672f6c7cd81e96e538ea963994c354e4a3f7d4ab640e407e481628714a476d1478683f7408ec495d3f36d104d232126688537eea885c016ce3e46d4bbb333e2
-
SSDEEP
49152:3gkg7Ge49gn8erH0r8SWAdikwBG4ITHkGzgghz1jPhPubxS4wo97gqtZE:67Ge49reri8SWAdikwBG4eHkGznzBPVM
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-31_e64788f0d667518e0b27276423f2a2e5_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-31_e64788f0d667518e0b27276423f2a2e5_mafia.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
gh0strat
103.1.40.216
Targets
-
-
Target
2024-05-31_e64788f0d667518e0b27276423f2a2e5_mafia
-
Score
10/10
-
Gh0st RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-