General

  • Target

    230f85c7314051e503c0693c98935f46_JaffaCakes118

  • Size

    153KB

  • Sample

    240703-t345xazfjg

  • MD5

    230f85c7314051e503c0693c98935f46

  • SHA1

    ba8377965e6278e1c93eba970fa427094a4d5d9d

  • SHA256

    0a693852ca4bbbeb1c64196a3b6fd71300337306e149b9fd3a6119b48aa71447

  • SHA512

    8c7c0ff33312258b3eac3de0f4344efacb1c2e98fedcd056a0bbd0d4b1705ced40cfb2dd6ceacb39da53c4fe482d30860babc86ed866f805af44018bca2c6263

  • SSDEEP

    3072:NJ/dNdJ7OwMX7cPCW9WXlXOFaSHr0HDcNPxuGeOF6outFnA:/T7OwMXo7oX8oSHr0HDw6oS2

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
