General
Target: 1433.exe
Size: 353KB
Sample: 241204-dfswcstnak
MD5: 63573bb58c5b28cc5671cf7b121671c7
SHA1: 79ca6878a2fae339bd8abbc0f3b42a2516d74779
SHA256: cc5a84f68a4bc2303461ba75506ce239a3128f7a3b3068e663c16d2fb6336edb
SHA512: fa9864f8e5d8e104d5f9e6c0ffdb820dd9e7ef365fa856d9903e735d9c36105530baf24fbb1e3e2025e10d2eff54d7cba7f4ef8f42af00ffbdb62cb9f76eea8f
SSDEEP: 6144:qmBZ5WcNancq4m8Jm50HkbIn9tskARz/pkkYLZxYYWz3mvxo:LBZ5WcYnBH8Jm5Fg9tskAt/pkbrYYWzD
Behavioral task
behavioral1
Sample
1433.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
redosdru
http://38.60.95.6/NetSyst96.dll
Targets
Target: 1433.exe
- Gh0st RAT payload
- Gh0strat family
- Redosdru family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application