General

  • Target

    e5861c9855f07bf88e45d68f63be6b21_JaffaCakes118

  • Size

    532KB

  • Sample

    240407-wkpcvaag25

  • MD5

    e5861c9855f07bf88e45d68f63be6b21

  • SHA1

    3ce710dfdc623f730b5634561b2068065c82862c

  • SHA256

    1182476a9f2eca86962422104ebd444d9076df8d13eb07aaed33871636616faf

  • SHA512

    2033a2933ebd0e69b462f3a009a96b06cf46f26e94574323f433ad296f18f348c5a23953607ffa943f7bef938780a7041852fd88a4e7006b25d6a452af99c60c

  • SSDEEP

    12288:Mdt4O//HR3PaIbGLxe0DdlfEES1wH2FYa4ahWMIkqSyn9kA2i7bYsN:inHR3PaIMx7DIPwHWnxjOSynuxi/n

Malware Config

Targets

    • Target

      e5861c9855f07bf88e45d68f63be6b21_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks