Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0ec024243a3918640ea5391448ba6931_JaffaCakes118

  • Size

    272KB

  • Sample

    240625-tym1tstcjn

  • MD5

    0ec024243a3918640ea5391448ba6931

  • SHA1

    9c4464ab0a3f5548378dd62eb149a0852f2843be

  • SHA256

    3065a73dc9c51a8771e00c32687d2e8d82b96b7a64ba4c542bd1b5aea03bb536

  • SHA512

    81898d2c4b890460dbe3dd90e95bf67dbdb132c3d35aa2b16000099643632c7ed34ee0a547690c7d854b381052126fe3b5e2d0a7899ac5ce570ac06033e18d70

  • SSDEEP

    6144:J00geEaFb79FR1eTboMMnIroSe5Kvf8QLBBzAM+GuN8QpKPig:J00geEaF1L5tSeMlLbzL+jkf

Malware Config

Targets

    • Target

      0ec024243a3918640ea5391448ba6931_JaffaCakes118

    • Size

      272KB

    • MD5

      0ec024243a3918640ea5391448ba6931

    • SHA1

      9c4464ab0a3f5548378dd62eb149a0852f2843be

    • SHA256

      3065a73dc9c51a8771e00c32687d2e8d82b96b7a64ba4c542bd1b5aea03bb536

    • SHA512

      81898d2c4b890460dbe3dd90e95bf67dbdb132c3d35aa2b16000099643632c7ed34ee0a547690c7d854b381052126fe3b5e2d0a7899ac5ce570ac06033e18d70

    • SSDEEP

      6144:J00geEaFb79FR1eTboMMnIroSe5Kvf8QLBBzAM+GuN8QpKPig:J00geEaF1L5tSeMlLbzL+jkf

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks