Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4d670f8e284671a1bf86ddbb54b67a666695558ad05d6942488683b43da1e0cb

  • Size

    1.3MB

  • Sample

    240703-g9vhts1eqa

  • MD5

    0232a96048e6a39bf89e4cfb6af88c09

  • SHA1

    50dd1ef7219ce6fb60fce48173145b6dbc518932

  • SHA256

    4d670f8e284671a1bf86ddbb54b67a666695558ad05d6942488683b43da1e0cb

  • SHA512

    bb6d5d1fc18e2eeb39a7976325ad39a654942997a68012d20bfbb6755a7c77b420fcd0036bcf2a02a05c39e583e4f47f6e7420c0b04408e8a5e640862380a989

  • SSDEEP

    24576:l09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+8gT:l09XJt4HIN2H2tFvduyS+gT

Malware Config

Targets

    • Target

      4d670f8e284671a1bf86ddbb54b67a666695558ad05d6942488683b43da1e0cb

    • Size

      1.3MB

    • MD5

      0232a96048e6a39bf89e4cfb6af88c09

    • SHA1

      50dd1ef7219ce6fb60fce48173145b6dbc518932

    • SHA256

      4d670f8e284671a1bf86ddbb54b67a666695558ad05d6942488683b43da1e0cb

    • SHA512

      bb6d5d1fc18e2eeb39a7976325ad39a654942997a68012d20bfbb6755a7c77b420fcd0036bcf2a02a05c39e583e4f47f6e7420c0b04408e8a5e640862380a989

    • SSDEEP

      24576:l09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+8gT:l09XJt4HIN2H2tFvduyS+gT

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks