General

  • Target

    b59de95cea29b574e294bf41230e9668_JaffaCakes118

  • Size

    60KB

  • Sample

    240822-anhhtasdmr

  • MD5

    b59de95cea29b574e294bf41230e9668

  • SHA1

    6390436697decfba609ce93e172490de4a587e4f

  • SHA256

    ae8a58019e1f2afda2500872c3662456da61692bf824366b2766ec5c0c45f191

  • SHA512

    d16e56d2f042455a657270488050fb62ee22257520942abc7613000a3925db1bcc12eb931b1fa7dcf32a9f83ef63fe4741fa29dd5707e7140ce8510d7f3a2fc2

  • SSDEEP

    1536:CI6sJ1S0xnBTySc2c4WId1sNRl3tFvVz9r5HMF:CZh0xBTyPkSJlr5Hs

Targets

    • Target

      b59de95cea29b574e294bf41230e9668_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

MITRE ATT&CK Enterprise v15
