General

  • Target

    cd30f88e89ee85373e600a49135e33d0N.exe

  • Size

    57KB

  • Sample

    240903-xf6l1atdrr

  • MD5

    cd30f88e89ee85373e600a49135e33d0

  • SHA1

    7ac7ecac09dea116f3ba2d5ca5e5fabc4753459a

  • SHA256

    7da5ecbfb0b28ce880472cce4e181034aab91f33bd640fdde00d386ec196aafb

  • SHA512

    6ad92b86a4c98647c2fb463cefd74b57f93dca6b2535824a849163cc05b62e69706a48c05ba0217a34cf3fec84c9197f90c81fe5033cd28a3d8b49b633856627

  • SSDEEP

    1536:Jqcc9KoCN2F/NDieophAtVuG7mcof/qIIZMdeRSSJAE:Js9K32JNDielVxmq4dSJAE

Targets

    • Target

      cd30f88e89ee85373e600a49135e33d0N.exe

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL
