General
Target: 4d257e507fea62c60ec257db15f91e59_JaffaCakes118
Size: 240KB
Sample: 240716-g46nxa1gkb
MD5: 4d257e507fea62c60ec257db15f91e59
SHA1: bd4b17e49433c06be4e65d43174c45c8f3c14da3
SHA256: dd94a0e76e5de1ed7e055ef87507d3a2e00d3177dd2e450c4afc1e7d3eca6e84
SHA512: 3ff13e664a5830d65cf5da1a7fdbe5442b216481d53877070688b8ec4bb8667c1651106e7ac7f13119f8276e7ec52748e984e2f83cd94b211fb7f481fd22e7f5
SSDEEP: 6144:wQqu0cHNfrmD7JE/rn3BRTC9K2FyC8Zu:HVfrm3K/LBpjODQ
Behavioral tasks
behavioral1
Sample: 4d257e507fea62c60ec257db15f91e59_JaffaCakes118.exe
Resource: win7-20240704-en
behavioral2
Sample: 4d257e507fea62c60ec257db15f91e59_JaffaCakes118.exe
Resource: win10v2004-20240709-en
behavioral3
Sample: 2011528135322.exe
Resource: win7-20240704-en
behavioral4
Sample: 2011528135322.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 4d257e507fea62c60ec257db15f91e59_JaffaCakes118
Size: 240KB
MD5: 4d257e507fea62c60ec257db15f91e59
SHA1: bd4b17e49433c06be4e65d43174c45c8f3c14da3
SHA256: dd94a0e76e5de1ed7e055ef87507d3a2e00d3177dd2e450c4afc1e7d3eca6e84
SHA512: 3ff13e664a5830d65cf5da1a7fdbe5442b216481d53877070688b8ec4bb8667c1651106e7ac7f13119f8276e7ec52748e984e2f83cd94b211fb7f481fd22e7f5
SSDEEP: 6144:wQqu0cHNfrmD7JE/rn3BRTC9K2FyC8Zu:HVfrm3K/LBpjODQ
Score: 10/10
- Gh0st RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: 2011528135322.exe
Size: 204KB
MD5: 1a24c5e8b0653ff5c5033c1970af459a
SHA1: eeaa099ef42414aaf4f7c48618cd66a6e2ba9e37
SHA256: 779ba65f8947c9206cade7b181683380da0ef1b12a1a8de5c2e6c00d53574e9b
SHA512: 006478b5fae5964ad5ede2b3277fcccfa54de68dff768110b7fb9ab184baa2b714d1d44717d3f760f480fbe1ec48f4e7e569dc030d073da7241825468d552f15
SSDEEP: 3072:YqVYtrjsN9NhlcOAeT4WWDQ8KKwirAKVd8R8httUH31:FKtnsN9Nvc6DWECwyXX8RM831
Score: 10/10
- Gh0st RAT payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
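Added example, not part of the tria.ge report: the three host-behavior signatures listed above that endpoint telemetry can reproduce (Adds Run key to start application, Executes dropped EXE, Deletes itself) written as checks over Sysmon-style process-create, file-create and registry-value-set events. The events, the drop path under AppData\Roaming, the Run value name `Update` and the SID are constructed to resemble the listed behaviors and are not telemetry from this run. "Checks computer location settings" is left out because Sysmon does not log registry reads, and "Loads dropped DLL" would need image-load events, which are not modeled here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Run / RunOnce value paths as they appear in a Sysmon EventID 13 TargetObject.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I
)
# "del" or "erase", optional switches, then an optionally quoted .exe path.
DEL_RE = re.compile(r"\b(?:del|erase)\b\s+(?:/\w+\s+)*\"?([^\"]+?\.exe)\"?", re.I)


@dataclass
class Event:
    """Subset of Sysmon fields; only those the checks below need."""
    event_id: int            # 1 = process create, 11 = file create, 13 = registry value set
    image: str = ""
    command_line: str = ""
    parent_image: str = ""
    target_filename: str = ""
    target_object: str = ""
    details: str = ""


# Constructed events (assumed paths, SID and value name), in chronological order.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\4d257e507fea62c60ec257db15f91e59_JaffaCakes118.exe"
DROPPED = r"C:\Users\Admin\AppData\Roaming\2011528135322.exe"

SAMPLE_EVENTS: List[Event] = [
    Event(1, image=DROPPER, command_line=f'"{DROPPER}"', parent_image=r"C:\Windows\explorer.exe"),
    Event(11, image=DROPPER, target_filename=DROPPED),
    Event(1, image=DROPPED, command_line=f'"{DROPPED}"', parent_image=DROPPER),
    Event(13, image=DROPPED,
          target_object=r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update",
          details=DROPPED),
    Event(1, image=r"C:\Windows\System32\cmd.exe",
          command_line=f'cmd.exe /c del "{DROPPER}"', parent_image=DROPPER),
    # Benign noise: an Explorer setting write and an ordinary process start.
    Event(13, image=r"C:\Windows\explorer.exe",
          target_object=r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
          details="DWORD (0x00000001)"),
    Event(1, image=r"C:\Windows\System32\notepad.exe", command_line="notepad.exe",
          parent_image=r"C:\Windows\explorer.exe"),
]


def _norm(path: str) -> str:
    return path.strip('"').lower()


def find_run_key_persistence(events: List[Event]) -> List[Tuple[str, str, str]]:
    """EventID 13 writes under a Run/RunOnce key: (writer image, value path, data)."""
    return [(e.image, e.target_object, e.details)
            for e in events if e.event_id == 13 and RUN_KEY_RE.search(e.target_object)]


def find_dropped_exe_execution(events: List[Event]) -> List[Tuple[str, str]]:
    """An .exe created by one process (EventID 11) and later started (EventID 1)."""
    dropped: Dict[str, str] = {}   # normalized path -> image that wrote it
    hits: List[Tuple[str, str]] = []
    for e in events:
        if e.event_id == 11 and e.target_filename.lower().endswith(".exe"):
            dropped[_norm(e.target_filename)] = e.image
        elif e.event_id == 1 and _norm(e.image) in dropped:
            hits.append((dropped[_norm(e.image)], e.image))
    return hits


def find_self_deletion(events: List[Event]) -> List[str]:
    """A child process whose command line deletes its own parent's image."""
    hits: List[str] = []
    for e in events:
        if e.event_id != 1 or not e.parent_image:
            continue
        m = DEL_RE.search(e.command_line)
        if m and _norm(m.group(1)) == _norm(e.parent_image):
            hits.append(e.parent_image)
    return hits


def summarize(events: List[Event]) -> Dict[str, bool]:
    """Map the findings onto the report's signature names."""
    return {
        "Adds Run key to start application": bool(find_run_key_persistence(events)),
        "Executes dropped EXE": bool(find_dropped_exe_execution(events)),
        "Deletes itself": bool(find_self_deletion(events)),
    }


if __name__ == "__main__":
    for name, hit in summarize(SAMPLE_EVENTS).items():
        print(f"{'HIT ' if hit else 'miss'}  {name}")
```

The self-deletion check ties the deleted path back to the parent image rather than alerting on every `del`, and the dropped-EXE check requires the file-create event to precede the process start, so a reordered or partial event stream will correctly produce a miss rather than a false hit.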