Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2c471bb650...eb.dll

windows7-x64

10

2c471bb650...eb.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c471bb6500064c76c338a6438c1e9f2059842d447e232eeb078bc9d17bbddeb

  • Size

    899KB

  • Sample

    240723-saj4lawbkn

  • MD5

    9d8824d5e4766336a13e6bcccbd1c2b0

  • SHA1

    ad1bd699e25ec79646565be23b541246b30a4b61

  • SHA256

    2c471bb6500064c76c338a6438c1e9f2059842d447e232eeb078bc9d17bbddeb

  • SHA512

    1a9401f51fac120515e0e619225d424130bfab259a5bc30343f282c52b57d1ca0e791d5d71ace5aea7177c95fac96753fd73be781e7dccac1de57b6996e41cfc

  • SSDEEP

    24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXx:7wqd87Vx

Score
10/10
gh0stratdiscoveryrat

Malware Config

Extracted

Family

gh0strat

C2

hackerinvasion.f3322.net

Targets

    • Target

      2c471bb6500064c76c338a6438c1e9f2059842d447e232eeb078bc9d17bbddeb

    • Size

      899KB

    • MD5

      9d8824d5e4766336a13e6bcccbd1c2b0

    • SHA1

      ad1bd699e25ec79646565be23b541246b30a4b61

    • SHA256

      2c471bb6500064c76c338a6438c1e9f2059842d447e232eeb078bc9d17bbddeb

    • SHA512

      1a9401f51fac120515e0e619225d424130bfab259a5bc30343f282c52b57d1ca0e791d5d71ace5aea7177c95fac96753fd73be781e7dccac1de57b6996e41cfc

    • SSDEEP

      24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXx:7wqd87Vx

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks