General

  • Target

    e394a14a73d080089042b9e95e637da9_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240406-3vve6sfc95

  • MD5

    e394a14a73d080089042b9e95e637da9

  • SHA1

    0602144c9481c697526ef986295acf57d00924d9

  • SHA256

    0078aabe8f329b6282f4ab534b50bae580483cee50de7ae29269b953177270de

  • SHA512

    9e4d92ff1d1549e1335c89976a1f2b47417311ff07faa5ac58b28bc3a5ffb9234cb5b9a3efd5b6a894ea0160e9984c48a22c9441a4d9b8d767b9ff9515bf0905

  • SSDEEP

    49152:UbEAlRS6mi3mf38dvoIQcr9DK4YK/u4Neu8GYfZY3CTla:U/lRS6mi3mf38dgfcr9Dbl/uUPYf

Targets

    • Target

      e394a14a73d080089042b9e95e637da9_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
