Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fa0c4c5e19d59f45eb769577e86bb09c_JaffaCakes118

  • Size

    384KB

  • Sample

    240419-lx5v9afe2z

  • MD5

    fa0c4c5e19d59f45eb769577e86bb09c

  • SHA1

    f2832ca888c1ebf49ffef11ac9378fbd9585d28f

  • SHA256

    f82aa9766039e63368195518afaedfac11acc36c623338a57a126619862d2eb0

  • SHA512

    388be98b3a90f83304d7400fdf48b8c7c1e28af6412dd7a847e0c84a35382f1840143ab99f99381647e6d3dfebbbbc26aa387e42a813703d5b2bd788388945f0

  • SSDEEP

    12288:KPdK4bgeK8VL5TKjb31wgxllhz7G60i2qvyOO:KPBjK8VlYb3P9FC

Malware Config

Targets

    • Target

      fa0c4c5e19d59f45eb769577e86bb09c_JaffaCakes118

    • Size

      384KB

    • MD5

      fa0c4c5e19d59f45eb769577e86bb09c

    • SHA1

      f2832ca888c1ebf49ffef11ac9378fbd9585d28f

    • SHA256

      f82aa9766039e63368195518afaedfac11acc36c623338a57a126619862d2eb0

    • SHA512

      388be98b3a90f83304d7400fdf48b8c7c1e28af6412dd7a847e0c84a35382f1840143ab99f99381647e6d3dfebbbbc26aa387e42a813703d5b2bd788388945f0

    • SSDEEP

      12288:KPdK4bgeK8VL5TKjb31wgxllhz7G60i2qvyOO:KPBjK8VlYb3P9FC

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks