General

  • Target

    bcc8f86ef4ffafa186ce6fafcb1684da8e99205709e2766fdf6e9205994fc910

  • Size

    2.4MB

  • Sample

    240627-2mlmmavhmd

  • MD5

    f8f76bcf92d471334e77f891c17fba64

  • SHA1

    360ec16bba09b03ca65c00382849ebea4aeb62d3

  • SHA256

    bcc8f86ef4ffafa186ce6fafcb1684da8e99205709e2766fdf6e9205994fc910

  • SHA512

    70b00d97d0dacfe25ba0430172e40d6534118ff0f48d73731eaae4e1041778af7b49153df7c4e3eb1e5bb13c37635568bf6ef1ab88d317d66129fb72ac623504

  • SSDEEP

    49152:/qvqHgWVpi0bnnVgQXDifMQ64bB5mGwFZyXD0hL5THoea:/aqHtVM2iQXtQjZAhJa

Malware Config

Targets

    • Detect PurpleFox Rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access trojan (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThread (ThreadHideFromDebugger)
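As an added example (not part of this Triage report and not Triage's own detection code), the Python below replays the five behavioural signatures listed above against a small, constructed sandbox API trace: a dropper writes a file into System32 and an EXE and DLL into %TEMP%, runs the EXE, which loads the DLL and hides its thread from debuggers, and then deletes the original via a cmd.exe child. The event schema (pid / image / api / args) and every path, PID and value in the trace are assumptions made for illustration; only the ThreadHideFromDebugger constant (THREADINFOCLASS value 0x11) is a real Windows value.

```python
"""
Added example, not part of the Triage report: replay the behavioural
signatures listed on the page against a constructed sandbox API trace.
The event schema and all paths, PIDs and values are assumptions for
illustration, not Triage's format or anything observed from this sample.
"""

# THREADINFOCLASS value for ThreadHideFromDebugger. Passing it to
# NtSetInformationThread makes the calling thread invisible to an attached
# debugger, which is why sandboxes flag the call as anti-analysis.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SYSTEM32 = "c:\\windows\\system32\\"

# Constructed trace (assumed schema): a dropper writes a driver into
# System32 plus an EXE and a DLL into %TEMP%, runs the EXE, which loads the
# DLL and hides its thread; a cmd.exe child then deletes the dropper.
DROPPER = "C:\\Users\\user\\Desktop\\sample.exe"
TEMP_EXE = "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"
TEMP_DLL = "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"
CMD = "C:\\Windows\\System32\\cmd.exe"

SAMPLE_TRACE = [
    {"pid": 1000, "image": DROPPER, "api": "NtCreateFile",
     "args": {"path": "C:\\Windows\\System32\\drivers\\example.sys", "access": "write"}},
    {"pid": 1000, "image": DROPPER, "api": "NtCreateFile",
     "args": {"path": TEMP_EXE, "access": "write"}},
    {"pid": 1000, "image": DROPPER, "api": "NtCreateFile",
     "args": {"path": TEMP_DLL, "access": "write"}},
    {"pid": 1000, "image": DROPPER, "api": "CreateProcessW",
     "args": {"path": TEMP_EXE}},
    {"pid": 1234, "image": TEMP_EXE, "api": "LdrLoadDll",
     "args": {"path": TEMP_DLL}},
    {"pid": 1234, "image": TEMP_EXE, "api": "NtSetInformationThread",
     "args": {"class": THREAD_HIDE_FROM_DEBUGGER}},
    {"pid": 1000, "image": DROPPER, "api": "CreateProcessW",
     "args": {"path": CMD}},
    {"pid": 1500, "image": CMD, "api": "DeleteFileW",
     "args": {"path": DROPPER}},
]


def detect(trace):
    """Return the sorted list of signature names triggered by a trace."""
    hits = set()
    dropped = set()                                   # paths written during the run
    images = {ev["image"].lower() for ev in trace}    # every process image seen
    for ev in trace:
        api, args = ev["api"], ev["args"]
        path = args.get("path", "").lower()
        if api == "NtCreateFile" and args.get("access") == "write":
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif api == "CreateProcessW" and path in dropped:
            # Only executables the sample itself wrote count; cmd.exe does not.
            hits.add("Executes dropped EXE")
        elif api == "LdrLoadDll" and path in dropped:
            hits.add("Loads dropped DLL")
        elif (api == "NtSetInformationThread"
              and args.get("class") == THREAD_HIDE_FROM_DEBUGGER):
            hits.add("Suspicious use of NtSetInformationThread (ThreadHideFromDebugger)")
        elif api == "DeleteFileW" and path in images:
            # A running image cannot delete itself directly on Windows, so the
            # delete usually comes from a child (cmd.exe /c del ...). Matching
            # the path against any process image in the trace covers both.
            hits.add("Deletes itself")
    return sorted(hits)


if __name__ == "__main__":
    for name in detect(SAMPLE_TRACE):
        print("HIT:", name)
```

The detector keys "dropped" on files the trace shows being written, so a later CreateProcessW or LdrLoadDll on an unrelated system binary does not fire; in a real pipeline the same logic would run over the sandbox's own event export rather than this hand-built list.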

MITRE ATT&CK Enterprise v15

Tasks