General

  • Target

    a1fe9f566bad4b592b2ed36f835020fd6699cf86d97ebca99e96327d6e9b051e

  • Size

    3.3MB

  • Sample

    240625-t251tatdpl

  • MD5

    d5f42dce7aab3140d26a1ae53ab70f90

  • SHA1

    ad74a58814f7326c003926ef6fbde4ade3376d22

  • SHA256

    a1fe9f566bad4b592b2ed36f835020fd6699cf86d97ebca99e96327d6e9b051e

  • SHA512

    cc3e164e49a9709702aa867a8c22de7dcab3190fe5c0b291b7f7d0a3a4a8bc23d5bf59d6512e582f55aa55bba9c98ec7b12d4fc1b959c77238061487b72e46e0

  • SSDEEP

    49152:3jwsbCANnKXferL7Vwe/Gg0P+WhWXbiuqHjNee:Tws2ANnKXOaeOgmhWrTmjNee

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks