
General

  • Target

    c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

  • Size

    60KB

  • Sample

    241022-raapgszhkn

  • MD5

    90d83bbad8110780e90b8f0beab172f9

  • SHA1

    0ced0e716b07945787bf78ae6296a5f24bfdbe59

  • SHA256

    c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

  • SHA512

    92d4a6697644925176852c2b43bf297b16afadc2a993c135b5aa9df3c74a280bfb7cde883c6bf5c8b06202ff55168997dcf89ef2e791a3aeaca3cb09b6ac7707

  • SSDEEP

    768:3e1iZNbQAKrWGOkGQeN70ZqL378KBBmbUt4i:36iZNer5GQvkUath

Malware Config

Extracted

Family

redosdru

C2

http://xiazai.caobibibi.com:7744/8.77.dll

Targets

    • Target

      c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Redosdru

      Redosdru is a loader/downloader written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
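
Added example, not part of the tria.ge report and not code from the Redosdru sample: a minimal PE section-table parser in Python that applies the kind of heuristics the UPX signature above describes. It flags the stock section names (UPX0/UPX1/UPX2), the "UPX!" marker string that often survives in modified builds where the section names were scrubbed, the empty first section UPX uses as its unpack destination, and sections whose raw data has high Shannon entropy. The three PE images are constructed in-line for demonstration and are not derived from the hashes listed above; the marker and entropy thresholds are assumptions about typical UPX layouts, not the sandbox's own signature logic.

```python
import math
import random
import struct

# Section names written by an unmodified UPX build.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def parse_sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns a list of (name, virtual_size, raw_size, raw_offset) tuples.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + opt_size  # COFF header is 20 bytes
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, roff = struct.unpack_from(
            "<8sIIII", data, sec_table + i * 40)
        sections.append((name.rstrip(b"\0"), vsize, rsize, roff))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed/encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_upx(data: bytes) -> list:
    """Return the list of UPX indicators found; an empty list means no hit."""
    sections = parse_sections(data)
    reasons = []
    names = {name for name, _, _, _ in sections}
    hits = names & UPX_SECTION_NAMES
    if hits:
        reasons.append("UPX section names: "
                       + ", ".join(sorted(n.decode() for n in hits)))
    # Assumption: a modified UPX stub still carries the "UPX!" header marker.
    if b"UPX!" in data:
        reasons.append("UPX! marker string present")
    # Stock UPX layout: first section has no raw data but a large virtual
    # size, because the stub unpacks into it at runtime. Weak on its own
    # (a leading .bss would also match), so it only adds to the score.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        reasons.append("first section has no raw data but a non-zero virtual size")
    for name, _vsize, rsize, roff in sections:
        if rsize >= 512 and shannon_entropy(data[roff:roff + rsize]) > 7.0:
            reasons.append("high-entropy section " + name.decode(errors="replace"))
    return reasons


def build_pe(sections):
    """Constructed minimal PE image (no optional header) for demonstration.

    sections: list of (name, virtual_size, raw_payload).
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    headers_len = 0x40 + 4 + 20 + 40 * len(sections)
    table, raw = b"", b""
    for name, vsize, payload in sections:
        roff = headers_len + len(raw) if payload else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize,
                             0x1000, len(payload), roff, 0, 0, 0, 0, 0xE0000040)
        raw += payload
    return bytes(dos) + b"PE\0\0" + coff + table + raw


# Constructed inputs (seeded pseudo-random bytes stand in for packed data).
_rng = random.Random(20241022)
_PACKED = bytes(_rng.randrange(256) for _ in range(4096))
_BENIGN_CODE = b"\x55\x8b\xec" + b"\x90" * 2000 + b"\xc3"

STOCK_UPX_SAMPLE = build_pe([(b"UPX0", 0x20000, b""),
                             (b"UPX1", 0x1000, _PACKED),
                             (b".rsrc", 0x200, b"\0" * 512)])
MODIFIED_UPX_SAMPLE = build_pe([(b".text", 0x20000, b""),
                                (b".data", 0x1000, _PACKED + b"UPX!"),
                                (b".rsrc", 0x200, b"\0" * 512)])
BENIGN_SAMPLE = build_pe([(b".text", 0x1000, _BENIGN_CODE),
                          (b".data", 0x200, b"\0" * 512)])

if __name__ == "__main__":
    for label, img in (("stock UPX", STOCK_UPX_SAMPLE),
                       ("modified UPX", MODIFIED_UPX_SAMPLE),
                       ("benign", BENIGN_SAMPLE)):
        print(label, "->", detect_upx(img) or "no UPX indicators")
```

The section-name check alone is what a trivial rename defeats, which is why the marker, layout and entropy checks are scored alongside it; on a real file, run `detect_upx` over the bytes read from disk and treat two or more reasons as a packed verdict worth a closer look.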
