General

  • Target: 3248fb9094e25aa840005b9c763e2b00_JaffaCakes118
  • Size: 188KB
  • Sample: 240709-2p3nxszhkk
  • MD5: 3248fb9094e25aa840005b9c763e2b00
  • SHA1: cacb6cdb354d4f8f8ce6ecd84a249bd4e849d6bd
  • SHA256: 6426d30c2ea733e1518219eba8c3d70ebc3d6e98106f513c56f6ade6b93eb03c
  • SHA512: fad7db4f0df830a0856e286b4c2421b8e641bbf31766c277d4f083bdade1c64060f700be25ff0a55e27f32e153ea0aabdb4f90d4f47225e2b4d0a48d0404c3ce
  • SSDEEP: 3072:lO3IMonogaQNJDVAkAEftr/TE9qnUkG+k+g0C7Ed51OO0nf9z8f+srZrNg:9ogaQLVAEtbT9nUzf7+51/6S+GZh

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks