General

  • Target

    25ac52feb32cb6a749e08972d5b0a686f8a1e674496c9147cb23bb6c3d095114

  • Size

    1.6MB

  • Sample

    240624-ebyrgswfqg

  • MD5

    1fcea600b31caa6afe38f274dbc26fdd

  • SHA1

    5f2306ae3943c7a73faef47660441d6ca071e13b

  • SHA256

    25ac52feb32cb6a749e08972d5b0a686f8a1e674496c9147cb23bb6c3d095114

  • SHA512

    e29506855d461eeb3db0687862386df8eb9d2a60bd3414f1cba955a802a139254cbac4b6f275996e8e6efb4e10952192ac162d80c6da390a6c5e33eb9b007b4b

  • SSDEEP

    24576:IYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9QyzHSy1x:IYREXSVMKi3ck

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks