Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a503a1c53d93a1613e8c7988797b7d80N.exe

  • Size

    137KB

  • Sample

    240805-sl8lbszcpp

  • MD5

    a503a1c53d93a1613e8c7988797b7d80

  • SHA1

    1743824d1c620498f5e418bf35d6f1a56a9782f0

  • SHA256

    b891a894f40ef7bff3fd9b33d5128d3edca1ded70daecf39a88027889c21b2d0

  • SHA512

    b2de6c20d2960b09aa44d4e8831c30fe804f2d0aa62d3eddc85c526b58095508697dfe06440340dbb9b694aca8c2be43232c461f22e752a7128477df8d303194

  • SSDEEP

    3072:CR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuL:H25GgFny61mraF

Malware Config

Targets

    • Target

      a503a1c53d93a1613e8c7988797b7d80N.exe

    • Size

      137KB

    • MD5

      a503a1c53d93a1613e8c7988797b7d80

    • SHA1

      1743824d1c620498f5e418bf35d6f1a56a9782f0

    • SHA256

      b891a894f40ef7bff3fd9b33d5128d3edca1ded70daecf39a88027889c21b2d0

    • SHA512

      b2de6c20d2960b09aa44d4e8831c30fe804f2d0aa62d3eddc85c526b58095508697dfe06440340dbb9b694aca8c2be43232c461f22e752a7128477df8d303194

    • SSDEEP

      3072:CR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuL:H25GgFny61mraF

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Blocklisted process makes network request

    • Boot or Logon Autostart Execution: Port Monitors

      Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks