General

  • Target

    707b6f576878ac89c98091274fc1162b6b591f5c7561ce77334a5fcffda4f9de

  • Size

    1.2MB

  • Sample

    250127-3zmk5azmht

  • MD5

    0d246c1971c22b83fc01d6335401672d

  • SHA1

    11e8272622708a04f3fb789e6e58900acb7f0ec0

  • SHA256

    707b6f576878ac89c98091274fc1162b6b591f5c7561ce77334a5fcffda4f9de

  • SHA512

    6c6880b9f6ffa9c8ab898e9da827dd6945a000b070a10ec116838dce617813365279d4189df7426fd2b34bb08f2d3daf98a6bdbc2a90020cfa29228d47f6f538

  • SSDEEP

    24576:nYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9xyzS2jsSZ:nYREXSVMKi3MsSZ

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
