Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bcff2ad3ed9b7853997c9b63eaccc687d7d35bf69d44b050bce4ff4ecd61c8ac

  • Size

    12.4MB

  • Sample

    240625-wzw18svgkc

  • MD5

    4c98ac510af3819517f9a70b9480365b

  • SHA1

    dd259aa78ff26a831ca1c0447580770e11aaa5bf

  • SHA256

    bcff2ad3ed9b7853997c9b63eaccc687d7d35bf69d44b050bce4ff4ecd61c8ac

  • SHA512

    5b59f93384cb4ae654d850ac688fec5c83e5c019b077cdeab5774f85e78f8748035947bba2b111d741c8c38974535e9efdee74746dd7c9735a1d483a42bbccef

  • SSDEEP

    196608:CKXbeO7AxU7JgljgVIVkbVK0+Gw5s8aPBJVyc9BDalX:f7AFJIIVCVKYw5naPBCc9s9

Malware Config

Targets

    • Target

      bcff2ad3ed9b7853997c9b63eaccc687d7d35bf69d44b050bce4ff4ecd61c8ac

    • Size

      12.4MB

    • MD5

      4c98ac510af3819517f9a70b9480365b

    • SHA1

      dd259aa78ff26a831ca1c0447580770e11aaa5bf

    • SHA256

      bcff2ad3ed9b7853997c9b63eaccc687d7d35bf69d44b050bce4ff4ecd61c8ac

    • SHA512

      5b59f93384cb4ae654d850ac688fec5c83e5c019b077cdeab5774f85e78f8748035947bba2b111d741c8c38974535e9efdee74746dd7c9735a1d483a42bbccef

    • SSDEEP

      196608:CKXbeO7AxU7JgljgVIVkbVK0+Gw5s8aPBJVyc9BDalX:f7AFJIIVCVKYw5naPBCc9s9

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks