General

  • Target

    280abda44a39525dcc58da2d70e95fdb01745ceec18e3273acfdaf277f901e28

  • Size

    1.3MB

  • Sample

    240625-3rb5es1crh

  • MD5

    b12dc88d16d05e136705c15b457cb2e3

  • SHA1

    6902e078ffd6096069e2a5c0f7c7c6f80fe64e5a

  • SHA256

    280abda44a39525dcc58da2d70e95fdb01745ceec18e3273acfdaf277f901e28

  • SHA512

    a816caacfe6a43acbea3f0cd3400c29afdb4d9382611f830ad2f937203a64203c4d5da87e63b4d73ba91249bb1ee14a529929a95662f0a63a0a7d909ebe8bcb3

  • SSDEEP

    24576:QQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cV0:QQZAdVyVT9n/Gg0P+Who7

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Drops file in System32 directory

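The behavioural signatures above (service image path written to the registry, a file dropped in the Drivers directory, a Terminal Services DLL server component, dropped DLLs and EXEs executed) describe a persistence pattern that can be checked for on a suspect host. The script below is an added example for this report, not tria.ge code. It assumes an elevated PowerShell 5.1 or later prompt on the Windows host being reviewed; the seven-day "recently written" window is a tunable assumption, not a documented threshold.

```powershell
# Added example, not tria.ge code: host triage for the persistence pattern the
# signatures above describe. Run from an elevated PowerShell prompt on the host.
# Assumption: a 7-day "recently written" window; tune it for your environment.

function Resolve-ServiceBinaryPath {
    # Turn the forms ImagePath takes into an absolute file path, e.g.
    #   "C:\x\y.exe" -args  |  C:\x\y.exe -k netsvcs  |  \SystemRoot\System32\drivers\z.sys
    #   \??\C:\x\z.sys      |  system32\DRIVERS\z.sys |  %SystemRoot%\System32\w.sys
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $p = $p.Split('"')[1]
    } elseif ($p -match '^(?<bin>.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches['bin']
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Test-TermServiceDll {
    # Terminal Services DLL (ATT&CK T1505.005): TermService loads whatever
    # Parameters\ServiceDll names. Anything other than the signed
    # %SystemRoot%\System32\termsrv.dll deserves a second look.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { return }
    $resolved = [Environment]::ExpandEnvironmentVariables($dll)
    $expected = Join-Path $env:SystemRoot 'System32\termsrv.dll'
    $exists   = Test-Path -LiteralPath $resolved -PathType Leaf
    $sig      = if ($exists) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'FileMissing' }
    [pscustomobject]@{
        Check      = 'TermService ServiceDll'
        Path       = $resolved
        Suspicious = ($resolved -ine $expected) -or ($sig -ne 'Valid')
        Signature  = $sig
        SHA256     = if ($exists) { (Get-FileHash -LiteralPath $resolved -Algorithm SHA256).Hash } else { $null }
    }
}

function Get-SuspiciousServiceBinaries {
    # Walk every service and driver key, resolve its ImagePath, and flag binaries
    # that are unsigned or recently written. InDriversDir marks files under
    # System32\drivers, where this sample drops a file.
    param([int]$RecentDays = 7)
    $cutoff     = (Get-Date).AddDays(-$RecentDays)
    $driversDir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { return }
        $bin = Resolve-ServiceBinaryPath -ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $bin -PathType Leaf)) { return }
        $file = Get-Item -LiteralPath $bin
        $sig  = (Get-AuthenticodeSignature -FilePath $bin).Status
        $reasons = @()
        if ($sig -ne 'Valid')                { $reasons += "signature:$sig" }
        if ($file.LastWriteTime -gt $cutoff) { $reasons += "written:$($file.LastWriteTime.ToString('s'))" }
        if ($reasons.Count -eq 0) { return }
        [pscustomobject]@{
            Service      = $_.PSChildName
            ImagePath    = $props.ImagePath
            Binary       = $bin
            InDriversDir = $bin.StartsWith($driversDir, [StringComparison]::OrdinalIgnoreCase)
            Reasons      = ($reasons -join ', ')
            SHA256       = (Get-FileHash -LiteralPath $bin -Algorithm SHA256).Hash
        }
    }
}

# Usage: compare the SHA256 values reported here against the hashes in this report.
Test-TermServiceDll | Format-List
Get-SuspiciousServiceBinaries -RecentDays 7 | Sort-Object InDriversDir -Descending | Format-Table -AutoSize
```

The signature check is the noisier of the two filters: on older hosts, inbox drivers that are catalog-signed rather than embedded-signed can come back as NotSigned, so a driver that is both in System32\drivers and recently written is the stronger lead. Any hit whose SHA256 matches the value in the General section above is the sample itself or a byte-identical copy of it.
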