General

  • Target

    1433.exe

  • Size

    353KB

  • Sample

    241204-dfswcstnak

  • MD5

    63573bb58c5b28cc5671cf7b121671c7

  • SHA1

    79ca6878a2fae339bd8abbc0f3b42a2516d74779

  • SHA256

    cc5a84f68a4bc2303461ba75506ce239a3128f7a3b3068e663c16d2fb6336edb

  • SHA512

    fa9864f8e5d8e104d5f9e6c0ffdb820dd9e7ef365fa856d9903e735d9c36105530baf24fbb1e3e2025e10d2eff54d7cba7f4ef8f42af00ffbdb62cb9f76eea8f

  • SSDEEP

    6144:qmBZ5WcNancq4m8Jm50HkbIn9tskARz/pkkYLZxYYWz3mvxo:LBZ5WcYnBH8Jm5Fg9tskAt/pkbrYYWzD

Malware Config

Extracted

Family

redosdru

C2

http://38.60.95.6/NetSyst96.dll

Targets

    • Target

      1433.exe

    • Size

      353KB

    • MD5

      63573bb58c5b28cc5671cf7b121671c7

    • SHA1

      79ca6878a2fae339bd8abbc0f3b42a2516d74779

    • SHA256

      cc5a84f68a4bc2303461ba75506ce239a3128f7a3b3068e663c16d2fb6336edb

    • SHA512

      fa9864f8e5d8e104d5f9e6c0ffdb820dd9e7ef365fa856d9903e735d9c36105530baf24fbb1e3e2025e10d2eff54d7cba7f4ef8f42af00ffbdb62cb9f76eea8f

    • SSDEEP

      6144:qmBZ5WcNancq4m8Jm50HkbIn9tskARz/pkkYLZxYYWz3mvxo:LBZ5WcYnBH8Jm5Fg9tskAt/pkbrYYWzD

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • Redosdru

      Redosdru is a loader/downloader written in C++.

    • Redosdru family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
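
The behaviours listed above (Run key persistence, execution of a dropped EXE, self-deletion, the registry country-code lookup) together with the C2 URL from the Malware Config section can be turned into a small correlation check over endpoint telemetry. The script below is an added example written for this page, not code from tria.ge or from the Redosdru/Gh0st tooling. The event records are constructed, the Sysmon-like field names are an assumption, and the registry path used for the country-code lookup (Control Panel\International\Geo) is assumed rather than taken from the report; only the SHA256 and the C2 URL come from the report itself.

```python
"""Correlate endpoint events against the behaviours and IOCs in this report.
Added example; event schema (type/pid/ppid/image/...) is assumed, not tria.ge's."""
import re

# Indicators taken from the report above.
C2_URL = "http://38.60.95.6/NetSyst96.dll"
SAMPLE_SHA256 = "cc5a84f68a4bc2303461ba75506ce239a3128f7a3b3068e663c16d2fb6336edb"

# Registry paths of interest. The Run key is the standard per-user autostart
# location; the Geo key is an ASSUMED location for the country-code lookup.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo", re.I)
# Matches 'del "<path>"' / 'del <path>' at the end of a command line.
DEL_CMD_RE = re.compile(r'\bdel\s+"?([^"]+?)"?\s*$', re.I)

# Constructed events modelled on the report's signatures (not a real trace).
EVENTS = [
    {"type": "process_create", "pid": 1000, "image": "C:\\Users\\u\\1433.exe",
     "sha256": SAMPLE_SHA256, "cmdline": "1433.exe"},
    {"type": "registry_query", "pid": 1000,
     "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "http_request", "pid": 1000, "url": "http://38.60.95.6/NetSyst96.dll"},
    {"type": "file_write", "pid": 1000, "path": "C:\\ProgramData\\NetSyst96.dll"},
    {"type": "file_write", "pid": 1000, "path": "C:\\ProgramData\\svchost.exe"},
    {"type": "process_create", "pid": 1001, "ppid": 1000,
     "image": "C:\\ProgramData\\svchost.exe", "cmdline": "svchost.exe"},
    {"type": "registry_set", "pid": 1001,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\NetSyst",
     "value": "C:\\ProgramData\\svchost.exe"},
    {"type": "process_create", "pid": 1002, "ppid": 1000,
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd /c del "C:\\Users\\u\\1433.exe"'},
]


def analyse(events):
    """Return (finding, pid) tuples in the order the triggering events occur."""
    findings = []
    written = {}   # lower-cased path -> pid that wrote it
    images = {}    # pid -> image path of that process
    for e in events:
        t = e["type"]
        if t == "process_create":
            images[e["pid"]] = e["image"]
            if e.get("sha256") == SAMPLE_SHA256:
                findings.append(("known_sample_hash", e["pid"]))
            # "Executes dropped EXE": image was written earlier by another process.
            writer = written.get(e["image"].lower())
            if writer is not None and writer != e["pid"]:
                findings.append(("executes_dropped_exe", e["pid"]))
            # "Deletes itself": a child runs 'del' against its parent's own image.
            m = DEL_CMD_RE.search(e.get("cmdline", ""))
            parent_image = images.get(e.get("ppid"))
            if m and parent_image and m.group(1).lower() == parent_image.lower():
                findings.append(("deletes_itself", e["ppid"]))
        elif t == "file_write":
            written[e["path"].lower()] = e["pid"]
        elif t == "registry_set" and RUN_KEY_RE.search(e["key"]):
            findings.append(("run_key_persistence", e["pid"]))
        elif t == "registry_query" and GEO_KEY_RE.search(e["key"]):
            findings.append(("geo_check", e["pid"]))
        elif t == "http_request" and e["url"] == C2_URL:
            findings.append(("c2_contact", e["pid"]))
    return findings


if __name__ == "__main__":
    for name, pid in analyse(EVENTS):
        print(f"{name:24s} pid={pid}")
```

The dropped-EXE and self-delete checks are stateful: they depend on earlier file_write and process_create records, so the events must be fed in chronological order. The C2 match is an exact-URL comparison; in practice the host 38.60.95.6 and the filename NetSyst96.dll are worth matching separately, since the loader can be repointed without changing its behaviour.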

MITRE ATT&CK Enterprise v15

Tasks