General

  • Target

    85c0a234cf35aa4786573998cf903176_JaffaCakes118

  • Size

    159KB

  • Sample

    240531-c4ah9acc3s

  • MD5

    85c0a234cf35aa4786573998cf903176

  • SHA1

    acdf833440f1cb40022ec188e9f5b81edd444023

  • SHA256

    165d1c5f892df712d48a2b3c4eac3904fd0dadfc5f4d5004e0405e9916da0a37

  • SHA512

    c265b1441ee91b1dd4ed441503f29cec732a1f4f703de1a617ec03a27e03bc765d8c28c43af5a0e43603c2f6aea418ea88bfe8221600a1a0c5ee884c21714b35

  • SSDEEP

    3072:P95Cbz70dZlVff5TXmoWOQJdpgMxsdSyg4TvtcMk8Lyzb8ckivlu5KjiCbmN:P9HVn5T2oWOQHpl2GkGMkSgb8Svlu5K+

Targets

    • Target

      85c0a234cf35aa4786573998cf903176_JaffaCakes118

    • Size

      159KB

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
