General

  • Target

    JaffaCakes118_378ab45e812820474853490e6ceae9e7

  • Size

    1.5MB

  • Sample

    250301-h52l1svpy8

  • MD5

    378ab45e812820474853490e6ceae9e7

  • SHA1

    3d60d25d9be694187a834ce811c71e0509cfc20b

  • SHA256

    0751b7d9f289669ad5b9b4b29d7e128d055c2720da2da0ef9983cc7843db8719

  • SHA512

    aedcfc6a39caf1cacb1405bd300d26b07963bffd831b46c4e8a3f7f381e18cb15b01fa7a9936bac639ceb017ef2773e727d8aa0c31897e37397991beb4dca0ed

  • SSDEEP

    24576:pGR3HS98NwhdHC90rFFK8hDgYn6pMv5NT55qUUkHoj5VtUIwxJ10G6QvljMWyzPb:pc3HU8NqdHDrFw8xZgUUkHoVVi5T1p6P

Malware Config

Targets

    • Target

      莫贝1.27A/superec.ProcessMemory.sys

    • Size

      3KB

    • MD5

      7fc8f430b830c119640c606de9bb907c

    • SHA1

      d9344f89a9d0d6fdc4629f64e8387d86f67b76e0

    • SHA256

      bec02a2c50d37bc4af67b7797230a9ed7018d26170d71becc77e99054e72acec

    • SHA512

      f68bb705b1f33d6f58e93f3b1184a32b588f56d41722372d168b0cada8f54f2838558cd000486983167c4e0fd9a66a6b1ff56a8aacc69dc9573280223c9841f6

    • Score

      1/10

    • Target

      莫贝1.27A/莫贝1.27A.exe

    • Size

      2.8MB

    • MD5

      aa33abc410abcd33b5410cd6150cb3f0

    • SHA1

      9d5378a5b7b84aa7fbde1268bb64ed1bbade4541

    • SHA256

      db0c042f2cee58f542f92d09a9fbd0faf9bd15aaa1f597056c02210dc042c3e6

    • SHA512

      423c29a604479856a408ae5c1c2e028e1c9b977ba72f4e50dc77bd4acf6f172134b740d10054d162b0daddd7fa9838ae7c817f9b822e961ad5ffbca3226e44b0

    • SSDEEP

      24576:8q64aDApD1mzPSKkV2FsPPg9VXB0yzGNx212qEIyI+gfUgVrRhqoSp6YeVR5BGb7:8YpDQSwF/9hYcsRvJgfpVXvQRBlydw/

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks