General

  • Target: 1f2905e464894a700e140b9e407023acd10ac5945f494f685aa7b4b617a81b12
  • Size: 3.7MB
  • Sample: 240625-t6rc8a1eja
  • MD5: 061a4a545d22d5161a132aabd62f929e
  • SHA1: f8b038c569221a6a699b17dd87bf25956527ebb9
  • SHA256: 1f2905e464894a700e140b9e407023acd10ac5945f494f685aa7b4b617a81b12
  • SHA512: ba5ea086ca04b25a8f24995c38dc4cd4a3f072fd9f20905c084ee31828c6e51577e35b836d2464408409d574b0864185571ed5c471ca3e0a7fd9c707cde4aab8
  • SSDEEP: 49152:qCwsbCANnKXferL7Vwe/Gg0P+WhIwypVwfAUlE2gkD5JopF20UwdY:9ws2ANnKXOaeOgmhyV0JopF2eq

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Drops file in System32 directory
