Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2a79e41003...18.exe

windows7-x64

10

2a79e41003...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a79e41003bd0be1b9c05478d701b6e0_JaffaCakes118

  • Size

    234KB

  • Sample

    240708-bn7clsxgnh

  • MD5

    2a79e41003bd0be1b9c05478d701b6e0

  • SHA1

    1c16edc78c6e535cdf0e4e44ac6e45453949eacf

  • SHA256

    1dc6a4e5fabf3ae648d3f7f4e58bb45c584b59fd4a0323de02e59765114c6d9c

  • SHA512

    d0b5c37d75cdfdd95bc3e1695ecd56cf346f5c2eb51d505d47b49425bdbc2ec7ff7a78acad25be9591f73a8ba55935fe2ba07215563c73ff9a40d49946671095

  • SSDEEP

    3072:WpTBizAiqdhoCylcf76jFLm5qfuMq8Z+FqXs8cDNqR/nu5/ABslHk:WpVSqdwFq5qmM+F1rDYnQ/Ab

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      2a79e41003bd0be1b9c05478d701b6e0_JaffaCakes118

    • Size

      234KB

    • MD5

      2a79e41003bd0be1b9c05478d701b6e0

    • SHA1

      1c16edc78c6e535cdf0e4e44ac6e45453949eacf

    • SHA256

      1dc6a4e5fabf3ae648d3f7f4e58bb45c584b59fd4a0323de02e59765114c6d9c

    • SHA512

      d0b5c37d75cdfdd95bc3e1695ecd56cf346f5c2eb51d505d47b49425bdbc2ec7ff7a78acad25be9591f73a8ba55935fe2ba07215563c73ff9a40d49946671095

    • SSDEEP

      3072:WpTBizAiqdhoCylcf76jFLm5qfuMq8Z+FqXs8cDNqR/nu5/ABslHk:WpVSqdwFq5qmM+F1rDYnQ/Ab

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks