General

  • Target

    87e9a517ac797e8ca22ba8ca0a1a490c_JaffaCakes118

  • Size

    252KB

  • Sample

    240531-w1tmhage61

  • MD5

    87e9a517ac797e8ca22ba8ca0a1a490c

  • SHA1

    914d6724fe7ea267a9297373772f7e2d46c7092c

  • SHA256

    576ba8d4be4b5d8c79e8b2552876bd786868ccbd4f237f49461a378692d40208

  • SHA512

    00135663e5aa2431d60fc79764918e053c221097d5d1d37d6d6b9cd65687302b57972ea83165d44adb6f860d6da1a9f3f25467bdeca22877f81a1de530a1fd50

  • SSDEEP

    3072:iumlCA7x6tit/Qd9cVVxrv8oL2O9F+enxvoEiFSvG86CdDoQk:iDYtGY94PL5LXF/xg/F98pd

Targets

    • Target

      87e9a517ac797e8ca22ba8ca0a1a490c_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Drops file in System32 directory
