General

  • Target

    235c7ff01ab81d9927f58c78e18f0a701bafcc930a23fe9c4538e87cc3464f7b

  • Size

    2.9MB

  • Sample

    240625-p47vzatfpl

  • MD5

    206b66b9546175f96273a051618c183e

  • SHA1

    14eaef74a6d48de2ef04daaccca4165ed2bedb30

  • SHA256

    235c7ff01ab81d9927f58c78e18f0a701bafcc930a23fe9c4538e87cc3464f7b

  • SHA512

    e791dfa4e8090f6a9bac6718b7dc9b7221d5c68478bee2bbd43f41b691ecd044932706f95ce550d29018fd59c89da6d9b3474a86475712d8f4ac3191cf7c98da

  • SSDEEP

    49152:4CwsbCANnKXferL7Vwe/Gg0P+WhXKSIPXg3sm:Tws2ANnKXOaeOgmhXKSIPWsm

Malware Config

Targets

    • Target

      235c7ff01ab81d9927f58c78e18f0a701bafcc930a23fe9c4538e87cc3464f7b

    • Size

      2.9MB

    • MD5

      206b66b9546175f96273a051618c183e

    • SHA1

      14eaef74a6d48de2ef04daaccca4165ed2bedb30

    • SHA256

      235c7ff01ab81d9927f58c78e18f0a701bafcc930a23fe9c4538e87cc3464f7b

    • SHA512

      e791dfa4e8090f6a9bac6718b7dc9b7221d5c68478bee2bbd43f41b691ecd044932706f95ce550d29018fd59c89da6d9b3474a86475712d8f4ac3191cf7c98da

    • SSDEEP

      49152:4CwsbCANnKXferL7Vwe/Gg0P+WhXKSIPXg3sm:Tws2ANnKXOaeOgmhXKSIPWsm

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks