General

  • Target: e074c7a762f4860510b79d3c6aa27c127c444afba4097a01cfe3b5e69cb22d30
  • Size: 6.2MB
  • Sample: 240625-rwqb3aycmn
  • MD5: 5d4107e2ceb8da6b12da51c011cf257e
  • SHA1: 83b6214d980ff924d9e769dc61c1abf39d76ae22
  • SHA256: e074c7a762f4860510b79d3c6aa27c127c444afba4097a01cfe3b5e69cb22d30
  • SHA512: 7b1f26d6bd94a49c61f36f3f08d26373afe200e7d525b4e1cd6311cbc02e2f6f3a15ca4afdc7fc5179c42c926b7b3b5f3b0e6b5a737c412699c94b0d20223c9e
  • SSDEEP: 196608:6KXbeO7nynB2hGHLyUMX1Cpd7zFIfabt7P:n7thGHLyUMX1CpFzFIfabt7P

Malware Config

Targets

    • Detect PurpleFox Rootkit
      Detects the PurpleFox rootkit.
    • Gh0st RAT payload
    • Gh0strat
      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.
    • PurpleFox
      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.
    • Drops file in Drivers directory
    • Server Software Component: Terminal Services DLL
    • Sets service image path in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks