Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
13865eb38ab54fd36a8b649a35671dd98428424ead66fa5b35246567e79a20a5.bin
-
Size
766KB
-
Sample
240726-zjjbzsxame
-
MD5
4a11de9321553f4cae5edf002b9352df
-
SHA1
18db73e6d8cf084817555daaeeb6e4dba16457ef
-
SHA256
13865eb38ab54fd36a8b649a35671dd98428424ead66fa5b35246567e79a20a5
-
SHA512
54c19ca564dcd4935e2f1e4eb8564e6fa9ceefd15df9f0b8935e0e42de46e1b147fc078df8969f4a0700f0aa215193d71f3a513713dbbb85f18ddc90355d2523
-
SSDEEP
12288:ULlEGwAWQPHNEqI8eT6JgNVJleEKcwnpU3qVfsE3U/ivNb/1oLff9pGHNu4B2Uo9:ClEGwHQPKqIhTRJleEcnpUSpE/iNb1oM
Malware Config
Targets
-
-
Target
13865eb38ab54fd36a8b649a35671dd98428424ead66fa5b35246567e79a20a5.bin
-
Size
766KB
-
MD5
4a11de9321553f4cae5edf002b9352df
-
SHA1
18db73e6d8cf084817555daaeeb6e4dba16457ef
-
SHA256
13865eb38ab54fd36a8b649a35671dd98428424ead66fa5b35246567e79a20a5
-
SHA512
54c19ca564dcd4935e2f1e4eb8564e6fa9ceefd15df9f0b8935e0e42de46e1b147fc078df8969f4a0700f0aa215193d71f3a513713dbbb85f18ddc90355d2523
-
SSDEEP
12288:ULlEGwAWQPHNEqI8eT6JgNVJleEKcwnpU3qVfsE3U/ivNb/1oLff9pGHNu4B2Uo9:ClEGwHQPKqIhTRJleEcnpUSpE/iNb1oM
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-