Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a660402c3e...cb.exe

windows7-x64

10

a660402c3e...cb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a660402c3ec33238923e269b42265e0641bfc3c52aeb807161c50365fe9828cb

  • Size

    1.1MB

  • Sample

    240625-yxkljasgrn

  • MD5

    37d5cd829fae7ba9f45ba8c3ffbb12fc

  • SHA1

    0ea6a97c2a45edf4fcf5e5abe965e354fc85bea7

  • SHA256

    a660402c3ec33238923e269b42265e0641bfc3c52aeb807161c50365fe9828cb

  • SHA512

    5081ea56ffc54c6c9fbe8020d58b8a6170c64fba74eefccdd8cb10a07696ee55de1b5dacd66133d099b1c4a8ee055f2b8fadd0246bb195f34c42035be75ae785

  • SSDEEP

    24576:SYFbkIsaPiXSVnC7Yp9zkNmZG8RRlngyzvE2b9:SYREXSVMDi3TE2b9

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      a660402c3ec33238923e269b42265e0641bfc3c52aeb807161c50365fe9828cb

    • Size

      1.1MB

    • MD5

      37d5cd829fae7ba9f45ba8c3ffbb12fc

    • SHA1

      0ea6a97c2a45edf4fcf5e5abe965e354fc85bea7

    • SHA256

      a660402c3ec33238923e269b42265e0641bfc3c52aeb807161c50365fe9828cb

    • SHA512

      5081ea56ffc54c6c9fbe8020d58b8a6170c64fba74eefccdd8cb10a07696ee55de1b5dacd66133d099b1c4a8ee055f2b8fadd0246bb195f34c42035be75ae785

    • SSDEEP

      24576:SYFbkIsaPiXSVnC7Yp9zkNmZG8RRlngyzvE2b9:SYREXSVMDi3TE2b9

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks