General

  • Target

    0a3f8205f7fe4bd91af885d71bf42d25_JaffaCakes118

  • Size

    384KB

  • Sample

    240624-xjnklaxflc

  • MD5

    0a3f8205f7fe4bd91af885d71bf42d25

  • SHA1

    93cb6db3c98412214c64d051b5a53b93729d86f9

  • SHA256

    ae2f8d4d64ec48a205c3199b2db6e1a93bee71d51a4ad98fd35d35c28de5d09b

  • SHA512

    97549bdc0e588cd93800e33529703994454e8a7b4e8dbcbe6121d41c781610b246953698cc77feb2421008a2f6118e3e39f3f07ed9ce178bbdd54fc6b2088247

  • SSDEEP

    12288:KPdK4bgeK8VL5TKjb31wgxllhz7G60i2qvyOT:KPBjK8VlYb3P9FH

Targets

    • Target

      0a3f8205f7fe4bd91af885d71bf42d25_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
