General

  • Target

    f7d241943e9cbac7826004030dae544c_JaffaCakes118

  • Size

    110KB

  • Sample

    240418-mp13rsaf23

  • MD5

    f7d241943e9cbac7826004030dae544c

  • SHA1

    90901a8ff22e77f0364ed448693899719155519d

  • SHA256

    7609528360031e059e3b8e844fe52c0ca63f3a24265df3c6e7cb693a9b184565

  • SHA512

    c253c9607a01e7f59d6799a313d73475b604e2d35059fd79a12042351a03c93deef75f7770366262a8a710c9e0f0727813720f10adfc7eff41b2ce81dfd693c2

  • SSDEEP

    3072:MwMRjDPFSyBDuG+zw01R9P6MDwMFBAKsg9uYwbh7yHpq5X:b8jDdSyBCG6w01+pG6ojwbRyHpm

Targets

    • Target

      f7d241943e9cbac7826004030dae544c_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public, and it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
