Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    150a83836ed6a4b133e9486b39ad55841f5aac6a43806d1cfae89032b135c294

  • Size

    7.9MB

  • Sample

    240625-n29q4syajb

  • MD5

    8fb60aacdbae702cef6c315966ef338c

  • SHA1

    4935d60a2ee95ddb9c807a52a9d98c28f1331790

  • SHA256

    150a83836ed6a4b133e9486b39ad55841f5aac6a43806d1cfae89032b135c294

  • SHA512

    096e57960aa0c66426555e0899f3ad7c095abc757d136ff5bcf14c5e692a4e6f51a565ddea23dfdd22002bb206e26a3235ee996be29b2112ee7ac6467221e437

  • SSDEEP

    196608:fWT9nO7WymnHhWAwJOwDuEwUdMDSOyIN9fhjtTYIYYmKL+cqCf4J:V7BUWAwJOEujUdM2OyG9VtUIYdHY8

Malware Config

Targets

    • Target

      150a83836ed6a4b133e9486b39ad55841f5aac6a43806d1cfae89032b135c294

    • Size

      7.9MB

    • MD5

      8fb60aacdbae702cef6c315966ef338c

    • SHA1

      4935d60a2ee95ddb9c807a52a9d98c28f1331790

    • SHA256

      150a83836ed6a4b133e9486b39ad55841f5aac6a43806d1cfae89032b135c294

    • SHA512

      096e57960aa0c66426555e0899f3ad7c095abc757d136ff5bcf14c5e692a4e6f51a565ddea23dfdd22002bb206e26a3235ee996be29b2112ee7ac6467221e437

    • SSDEEP

      196608:fWT9nO7WymnHhWAwJOwDuEwUdMDSOyIN9fhjtTYIYYmKL+cqCf4J:V7BUWAwJOEujUdM2OyG9VtUIYdHY8

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks