General

  • Target

    9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66

  • Size

    1.5MB

  • Sample

    240611-fjlmkawbjq

  • MD5

    dbb12f3c0aabe1f6b1a07590759b4c78

  • SHA1

    e5a68dec1f8c4404f460a32d14a315ab0861e180

  • SHA256

    9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66

  • SHA512

    dd8e7b2d64d9a59330eb9383c1e8662a54abd1dc58a6689e26aa9192dff97b72b5e009707eb9f30a3a9d8cb8fe15cd1ba5dccbb11d6b8fb1adf5d1de286b2ef9

  • SSDEEP

    24576:MYFbkIsaPiXSVnC7Yp9zkNmZG8RRln8yzH5Ezj:MYREXSVMDi3ZEzj

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
