General

  • Target

    44da70d93e4832bcda8c41bab15f7981_JaffaCakes118

  • Size

    516KB

  • Sample

    240714-h76nra1epl

  • MD5

    44da70d93e4832bcda8c41bab15f7981

  • SHA1

    366dde236c920095a227b7b8b0c173c91419150c

  • SHA256

    b2929fc99779079c4b7d288302802fbd95c755ba94e814003b4725efa6cb2f2a

  • SHA512

    818c807c1f040d144011d9466dbc36afb086407ed5bef7baef9fb1e4e0dbbb045f06cc3369bfabe27930f4dabb46fb28954ceee134b6c316abd2b6743ceacdf8

  • SSDEEP

    6144:J00geEaFb79FR1eTboMMnIroSe5Kvf8QLBBzAM+GuN8QpKPiTcVZQY:J00geEaF1L5tSeMlLbzL+jkP

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks