General

  • Target

    29799c47200da42c4748e25d4da12e28b46361ea5ad040249fae89010400b4b0

  • Size

    6.1MB

  • Sample

    240625-1k4vraxfjr

  • MD5

    ee39df823108b1fbdf5f8a2fc08303be

  • SHA1

    3b0c6c4f93b2b9b9c337b08f333b586331bb58e8

  • SHA256

    29799c47200da42c4748e25d4da12e28b46361ea5ad040249fae89010400b4b0

  • SHA512

    20d10e206ee6b97c101c1c235b198db1cde50017a5fd07aa903d39206dcf65e6e6e0b3b12b9ff578a6cacba2fc0adea7e333c6ec7fb8d7221feaa1e53f415504

  • SSDEEP

    98304:T2SVMD8/5+xT6QuTTAVVzArOSqeDalc6da:zjVQuYrc9BDaly

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
