General

  • Target

    13865eb38ab54fd36a8b649a35671dd98428424ead66fa5b35246567e79a20a5.bin

  • Size

    766KB

  • Sample

    240726-zjjbzsxame

  • MD5

    4a11de9321553f4cae5edf002b9352df

  • SHA1

    18db73e6d8cf084817555daaeeb6e4dba16457ef

  • SHA256

    13865eb38ab54fd36a8b649a35671dd98428424ead66fa5b35246567e79a20a5

  • SHA512

    54c19ca564dcd4935e2f1e4eb8564e6fa9ceefd15df9f0b8935e0e42de46e1b147fc078df8969f4a0700f0aa215193d71f3a513713dbbb85f18ddc90355d2523

  • SSDEEP

    12288:ULlEGwAWQPHNEqI8eT6JgNVJleEKcwnpU3qVfsE3U/ivNb/1oLff9pGHNu4B2Uo9:ClEGwHQPKqIhTRJleEcnpUSpE/iNb1oM

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks