Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    155135eb7638494d3ed1dbc8b78168bef5efb56a6a88e1f735990bbc005fd67c

  • Size

    1.3MB

  • Sample

    240625-s7n4tayepc

  • MD5

    8348de3526f62752d4e7d82152a825c0

  • SHA1

    ca171e1a2aedb0958f56f0347ec7e980df9e778d

  • SHA256

    155135eb7638494d3ed1dbc8b78168bef5efb56a6a88e1f735990bbc005fd67c

  • SHA512

    df2f3f4973e57abd75d81a23e6910dade7dc96e23391011b62004218a8dd83199f464cb48c5139c272e0d60912e338db15dd05181ab67678b78457e92dd5cd95

  • SSDEEP

    24576:TQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cV7D:TQZAdVyVT9n/Gg0P+Who0

Malware Config

Targets

    • Target

      155135eb7638494d3ed1dbc8b78168bef5efb56a6a88e1f735990bbc005fd67c

    • Size

      1.3MB

    • MD5

      8348de3526f62752d4e7d82152a825c0

    • SHA1

      ca171e1a2aedb0958f56f0347ec7e980df9e778d

    • SHA256

      155135eb7638494d3ed1dbc8b78168bef5efb56a6a88e1f735990bbc005fd67c

    • SHA512

      df2f3f4973e57abd75d81a23e6910dade7dc96e23391011b62004218a8dd83199f464cb48c5139c272e0d60912e338db15dd05181ab67678b78457e92dd5cd95

    • SSDEEP

      24576:TQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cV7D:TQZAdVyVT9n/Gg0P+Who0

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks