General

  • Target

    82750d35edae71e1409a78deba6d3b65d0815738b48984ae4432fb0f726a8611

  • Size

    13.4MB

  • Sample

    240625-rv3wrsycjm

  • MD5

    464b9c6bca8f458217c26c5a974bc46b

  • SHA1

    143f2cb36054ae91d8092c1072f4478acf78c8aa

  • SHA256

    82750d35edae71e1409a78deba6d3b65d0815738b48984ae4432fb0f726a8611

  • SHA512

    ac50db7344e450527c54c58445482ff1160030d05dd0dbf0dfb7cd6ed24f3bbea054f5cf96e596e54c01d49f954bd374f8ada5f2b15e85c6ba4216c7a60cc293

  • SSDEEP

    196608:dKXbeO7PkwEI3CcdEsnSi4lLq3mEHdmJVgkO:27eI1EsSi4kmEHdme

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with modified UPX variants.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks