General

  • Target

    832d96456ea8f4a148cff718e168aeed_JaffaCakes118

  • Size

    188KB

  • Sample

    240530-f91t6sgc6y

  • MD5

    832d96456ea8f4a148cff718e168aeed

  • SHA1

    01169ad143f69f98af004160fba4e9bb71ddfd17

  • SHA256

    202f9be49a6ac2a27a6f13bf104e872c5df28e5921d55e2cb1d54ecec415268b

  • SHA512

    777e4566063a56611e919f9dd038d30a82a5dded1681b8746f05296ec40dd8d4a5bc400a7ee312b406f4cc56a71bb111641ed761c60b12fc398afeb083e815d6

  • SSDEEP

    3072:PjVEf4Rr7mH8DJtdDqJUD9Ljpra0ROldJeXry49XDCb8fOCuoY:76f4Rg81tdeJUBBQVeXm2Dq8fOCuo

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE
