
General

  • Target

    85dd025dfba86a8d33d3523d60a684c9_JaffaCakes118

  • Size

    349KB

  • Sample

    240531-d323jseg63

  • MD5

    85dd025dfba86a8d33d3523d60a684c9

  • SHA1

    128ad81e56d5194984b1da83b06d91225be2e608

  • SHA256

    27743fd79ec833b2127843863c3e0f8a7c994b3a885bea6293b49c63c3e5c81e

  • SHA512

    11b7958939393c149fce41a2174c7d019dce6f0b0ebacd5010fc7b51fb16bfea1451f5a1713f936b25bd3f24b2fff4ad91993ca456373af0ce064747931dd731

  • SSDEEP

    6144:Rv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjF:R4VOiF1WD7kE1dTYOi8V5u23zmWF

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
