Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
25079baacd04d8dcc26348886805479316c2ed5fe9acc32ea685c58a2049f872
-
Size
5.4MB
-
Sample
250311-hh4g4awvby
-
MD5
7f922441616ad9fa5a1cfd87af0f1378
-
SHA1
492509f335de47841b461f1f829296a40fc43165
-
SHA256
25079baacd04d8dcc26348886805479316c2ed5fe9acc32ea685c58a2049f872
-
SHA512
a8776670f572bd68d3c46b907356a0484d75ab7d74d29367c0b3351b7f195ed3e523a95f1d07ceb26b99f6866781c35e9c5db7888becfd14b616042325a304e7
-
SSDEEP
98304:OZJt4HINy2Lk+ZJt4HINy2Lk+ZJt4HINy2Lk+ZJt4HINy2Lk+ZJt4HINy2Lkq:EiINy2LkUiINy2LkUiINy2LkUiINy2LF
Malware Config
Targets
-
-
Target
25079baacd04d8dcc26348886805479316c2ed5fe9acc32ea685c58a2049f872
-
Size
5.4MB
-
MD5
7f922441616ad9fa5a1cfd87af0f1378
-
SHA1
492509f335de47841b461f1f829296a40fc43165
-
SHA256
25079baacd04d8dcc26348886805479316c2ed5fe9acc32ea685c58a2049f872
-
SHA512
a8776670f572bd68d3c46b907356a0484d75ab7d74d29367c0b3351b7f195ed3e523a95f1d07ceb26b99f6866781c35e9c5db7888becfd14b616042325a304e7
-
SSDEEP
98304:OZJt4HINy2Lk+ZJt4HINy2Lk+ZJt4HINy2Lk+ZJt4HINy2Lk+ZJt4HINy2Lkq:EiINy2LkUiINy2LkUiINy2LkUiINy2LF
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1