General

  • Target

    bf715a162d58532ff68e58bde821ffb9f2f080d980f0db4c5b6f1fa12906ad1fN

  • Size

    137KB

  • Sample

    240928-f776gazajq

  • MD5

    7e74a8bda81ef61a2fc3055c2d6e1c70

  • SHA1

    2c52f9c919db775de2ecded610699d6d2a27cbde

  • SHA256

    bf715a162d58532ff68e58bde821ffb9f2f080d980f0db4c5b6f1fa12906ad1f

  • SHA512

    835c4a4b1f0ef58da561720910a1ad8b1369cddc90d0acb6cb17728d7c717ce82199414c52f4dd0c69b7ad9f313c2eb2bab76a6a220ed4e8ef9a66e769169f60

  • SSDEEP

    3072:uR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUun:725GgFny61mraR

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Boot or Logon Autostart Execution: Port Monitors

      Adversaries may use port monitors to run an adversary-supplied DLL during system boot for persistence or privilege escalation.

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks