General

  • Target

    e35a15ca04d1e5f92fa79c0cad074db8_JaffaCakes118

  • Size

    301KB

  • Sample

    240406-1lvcpsbh3t

  • MD5

    e35a15ca04d1e5f92fa79c0cad074db8

  • SHA1

    be3bb8d377c5ec77c581e803cec75cf0069fbd38

  • SHA256

    23879aa68a88edb3bebd0f8eec11692485d6e4113f532b1bee2679b8acb4bb9b

  • SHA512

    0d2c176a31d861fe2a7ab3d6804c2826753d6dc9920e4e5c31c801278df252a71afca557e332279802f548814daa54438fc1468a5fd671948ea7cd3379871dde

  • SSDEEP

    6144:xwbKgevT9FR1eTboMMjNGmhR4EynHZ8uGjJZ9q64VGe4gvzSWOfFpA9FlX:mKgevRL5jVh+EKotZ9SGe4gL3ae

Malware Config

Targets

    • Target

      e35a15ca04d1e5f92fa79c0cad074db8_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks