General

  • Target

    aac4261445db0b2fcc4af36f78205c8c_JaffaCakes118

  • Size

    384KB

  • Sample

    240819-m8a1patfqp

  • MD5

    aac4261445db0b2fcc4af36f78205c8c

  • SHA1

    f71f2e25b92cc63de323793005445499ac4c8fe1

  • SHA256

    738396630bb97405ff2aa2820450bd5bf1e3f387706e78afd41d3ca57a7d8737

  • SHA512

    6ce4ed0ef307ea38df68bb57f28997f3181995cc0c8a16248f127ccc53a886f3472031648fa10434dd90dfac7bea58d874dd267ced9ac143bc1ff2585021d085

  • SSDEEP

    12288:KPdK4bgeK8VL5TKjb31wgxllhz7G60i2qvyO7:KPBjK8VlYb3P9F3

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
