Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bd8c1729691d491ce0c024da59c451ab7e043f3fb82e8541b5472a65f16798ac

  • Size

    2.8MB

  • Sample

    240614-jf1tvszgqh

  • MD5

    d276911e8ee2892f59dbb482fcc666d9

  • SHA1

    c8c3059dcbfac2493969b0d2f4408296836d5d16

  • SHA256

    bd8c1729691d491ce0c024da59c451ab7e043f3fb82e8541b5472a65f16798ac

  • SHA512

    f6d654978be8f237f45b0954f13e301a349a017f95f53ef06a9a49644a8aef59073f7a5ff1e9d6075e3c3ec9aa1d7af9cf7c4272978db8968858e73f418d2ea2

  • SSDEEP

    49152:PCwsbCANnKXferL7Vwe/Gg0P+Wh42v+Ky:aws2ANnKXOaeOgmh4q+Ky

Malware Config

Targets

    • Target

      bd8c1729691d491ce0c024da59c451ab7e043f3fb82e8541b5472a65f16798ac

    • Size

      2.8MB

    • MD5

      d276911e8ee2892f59dbb482fcc666d9

    • SHA1

      c8c3059dcbfac2493969b0d2f4408296836d5d16

    • SHA256

      bd8c1729691d491ce0c024da59c451ab7e043f3fb82e8541b5472a65f16798ac

    • SHA512

      f6d654978be8f237f45b0954f13e301a349a017f95f53ef06a9a49644a8aef59073f7a5ff1e9d6075e3c3ec9aa1d7af9cf7c4272978db8968858e73f418d2ea2

    • SSDEEP

      49152:PCwsbCANnKXferL7Vwe/Gg0P+Wh42v+Ky:aws2ANnKXOaeOgmh4q+Ky

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks