General

  • Target

    4d257e507fea62c60ec257db15f91e59_JaffaCakes118

  • Size

    240KB

  • Sample

    240716-g46nxa1gkb

  • MD5

    4d257e507fea62c60ec257db15f91e59

  • SHA1

    bd4b17e49433c06be4e65d43174c45c8f3c14da3

  • SHA256

    dd94a0e76e5de1ed7e055ef87507d3a2e00d3177dd2e450c4afc1e7d3eca6e84

  • SHA512

    3ff13e664a5830d65cf5da1a7fdbe5442b216481d53877070688b8ec4bb8667c1651106e7ac7f13119f8276e7ec52748e984e2f83cd94b211fb7f481fd22e7f5

  • SSDEEP

    6144:wQqu0cHNfrmD7JE/rn3BRTC9K2FyC8Zu:HVfrm3K/LBpjODQ

Malware Config

Targets

    • Target

      4d257e507fea62c60ec257db15f91e59_JaffaCakes118

    • Size

      240KB

    • MD5

      4d257e507fea62c60ec257db15f91e59

    • SHA1

      bd4b17e49433c06be4e65d43174c45c8f3c14da3

    • SHA256

      dd94a0e76e5de1ed7e055ef87507d3a2e00d3177dd2e450c4afc1e7d3eca6e84

    • SHA512

      3ff13e664a5830d65cf5da1a7fdbe5442b216481d53877070688b8ec4bb8667c1651106e7ac7f13119f8276e7ec52748e984e2f83cd94b211fb7f481fd22e7f5

    • SSDEEP

      6144:wQqu0cHNfrmD7JE/rn3BRTC9K2FyC8Zu:HVfrm3K/LBpjODQ

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      2011528135322.exe

    • Size

      204KB

    • MD5

      1a24c5e8b0653ff5c5033c1970af459a

    • SHA1

      eeaa099ef42414aaf4f7c48618cd66a6e2ba9e37

    • SHA256

      779ba65f8947c9206cade7b181683380da0ef1b12a1a8de5c2e6c00d53574e9b

    • SHA512

      006478b5fae5964ad5ede2b3277fcccfa54de68dff768110b7fb9ab184baa2b714d1d44717d3f760f480fbe1ec48f4e7e569dc030d073da7241825468d552f15

    • SSDEEP

      3072:YqVYtrjsN9NhlcOAeT4WWDQ8KKwirAKVd8R8httUH31:FKtnsN9Nvc6DWECwyXX8RM831

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks