Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

83919df2f3...18.exe

windows7-x64

10

83919df2f3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    83919df2f3db157639d237e4f39fa0d3_JaffaCakes118

  • Size

    376KB

  • Sample

    240809-z1hf1starg

  • MD5

    83919df2f3db157639d237e4f39fa0d3

  • SHA1

    78b0ad7709a3e61458b3cd374dd4a9c6d6260299

  • SHA256

    64cb412d2aba7e4b595f9ee45efca4ae2ab6d85d7b7b3aa0119d9c34189942bf

  • SHA512

    ed8b236b6d2864a1ac0d7bc620f875090dae1ec98e7b46b141400fc0e4c95f94a84b844c805e1e22903172528727d2f98cd247da6e00525bec08d120f73ddf3d

  • SSDEEP

    6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphR:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRm

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      83919df2f3db157639d237e4f39fa0d3_JaffaCakes118

    • Size

      376KB

    • MD5

      83919df2f3db157639d237e4f39fa0d3

    • SHA1

      78b0ad7709a3e61458b3cd374dd4a9c6d6260299

    • SHA256

      64cb412d2aba7e4b595f9ee45efca4ae2ab6d85d7b7b3aa0119d9c34189942bf

    • SHA512

      ed8b236b6d2864a1ac0d7bc620f875090dae1ec98e7b46b141400fc0e4c95f94a84b844c805e1e22903172528727d2f98cd247da6e00525bec08d120f73ddf3d

    • SSDEEP

      6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphR:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRm

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks