Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4d12708da00126a4f9eefbcafb5d05d2_JaffaCakes118
-
Size
50KB
-
Sample
240716-gphnjaxgrl
-
MD5
4d12708da00126a4f9eefbcafb5d05d2
-
SHA1
95eee0352526288ffd0a0e20b0e3f049ba93e648
-
SHA256
ad3d0f9b34950681289504c7897102bb1c2e7bf59f26cdfc27b68611b57609ef
-
SHA512
d47b7fd80b0ea62f25b06dc954725251e4ca6928c1cda9be45f63c28791fbc07da15973ace113ce3b8d2718b9aa44ffd85fcfb5458c3deaa2e7bb1e715db8a43
-
SSDEEP
768:Pw8kZILvjmTeco9D5NDAmYdcHIjrB50Pqq1MT6R/wK44fUlsBZ6LChjsSSHfy:PHvkeVJr4wI/QPq16R/hDXdsv/y
Malware Config
Targets
-
-
Target
4d12708da00126a4f9eefbcafb5d05d2_JaffaCakes118
-
Size
50KB
-
MD5
4d12708da00126a4f9eefbcafb5d05d2
-
SHA1
95eee0352526288ffd0a0e20b0e3f049ba93e648
-
SHA256
ad3d0f9b34950681289504c7897102bb1c2e7bf59f26cdfc27b68611b57609ef
-
SHA512
d47b7fd80b0ea62f25b06dc954725251e4ca6928c1cda9be45f63c28791fbc07da15973ace113ce3b8d2718b9aa44ffd85fcfb5458c3deaa2e7bb1e715db8a43
-
SSDEEP
768:Pw8kZILvjmTeco9D5NDAmYdcHIjrB50Pqq1MT6R/wK44fUlsBZ6LChjsSSHfy:PHvkeVJr4wI/QPq16R/hDXdsv/y
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-