General

  • Target

    94bda1bbecf8314ccb0b7cac3bda7217_JaffaCakes118

  • Size

    139KB

  • Sample

    240813-zy7m5awemf

  • MD5

    94bda1bbecf8314ccb0b7cac3bda7217

  • SHA1

    d093a5ebf9d5c5f04d19e35d8a2f79bb1ea8f12e

  • SHA256

    42028110d6e1320e031446bbdc585acb94a0c0147875a9dfc14c52f85792d5d9

  • SHA512

    33c47d6f9aa7708586e7afe8e9ddf10a3db701100e120cae57184cd665c9afc961182fa914fae36db2404b85afafe4542383f90e0acc94b2c76294628efda48f

  • SSDEEP

    3072:IVpbSWgMqqDa/QdMm97LHmfQJMtPVFS933s4tEtNiUe2jzWfg:kuIqqDGQd9/HmW6OgNiUBjCfg

Malware Config

Targets

    • Target

      94bda1bbecf8314ccb0b7cac3bda7217_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks