Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
44da70d93e4832bcda8c41bab15f7981_JaffaCakes118
-
Size
516KB
-
Sample
240714-h76nra1epl
-
MD5
44da70d93e4832bcda8c41bab15f7981
-
SHA1
366dde236c920095a227b7b8b0c173c91419150c
-
SHA256
b2929fc99779079c4b7d288302802fbd95c755ba94e814003b4725efa6cb2f2a
-
SHA512
818c807c1f040d144011d9466dbc36afb086407ed5bef7baef9fb1e4e0dbbb045f06cc3369bfabe27930f4dabb46fb28954ceee134b6c316abd2b6743ceacdf8
-
SSDEEP
6144:J00geEaFb79FR1eTboMMnIroSe5Kvf8QLBBzAM+GuN8QpKPiTcVZQY:J00geEaF1L5tSeMlLbzL+jkP
Malware Config
Targets
-
-
Target
44da70d93e4832bcda8c41bab15f7981_JaffaCakes118
-
Size
516KB
-
MD5
44da70d93e4832bcda8c41bab15f7981
-
SHA1
366dde236c920095a227b7b8b0c173c91419150c
-
SHA256
b2929fc99779079c4b7d288302802fbd95c755ba94e814003b4725efa6cb2f2a
-
SHA512
818c807c1f040d144011d9466dbc36afb086407ed5bef7baef9fb1e4e0dbbb045f06cc3369bfabe27930f4dabb46fb28954ceee134b6c316abd2b6743ceacdf8
-
SSDEEP
6144:J00geEaFb79FR1eTboMMnIroSe5Kvf8QLBBzAM+GuN8QpKPiTcVZQY:J00geEaF1L5tSeMlLbzL+jkP
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-