Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b62ffd49bf...18.exe

windows7-x64

10

b62ffd49bf...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b62ffd49bff76c8fb3e94e4d6d7eef38_JaffaCakes118

  • Size

    183KB

  • Sample

    240822-d3z8yswfmh

  • MD5

    b62ffd49bff76c8fb3e94e4d6d7eef38

  • SHA1

    9b8c52cc18f41ddf985879a950ee8f4d72713fd7

  • SHA256

    ee9b6d599fa083106b88969579de65a53ac6c9e1f5d30f4309a6ad557d7348ff

  • SHA512

    bffa9d3644d9fddf50a0f58637fc04f7ae0cc5dc198ffcdaf41a7f34c92da3e985039220530d5f250ac7b910d2c4dd0743fa2cc102a6edc23888349664013856

  • SSDEEP

    3072:bMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRHD:o9MMmwzlqUHoeWofjjpAViY/lH6h+Evj

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      b62ffd49bff76c8fb3e94e4d6d7eef38_JaffaCakes118

    • Size

      183KB

    • MD5

      b62ffd49bff76c8fb3e94e4d6d7eef38

    • SHA1

      9b8c52cc18f41ddf985879a950ee8f4d72713fd7

    • SHA256

      ee9b6d599fa083106b88969579de65a53ac6c9e1f5d30f4309a6ad557d7348ff

    • SHA512

      bffa9d3644d9fddf50a0f58637fc04f7ae0cc5dc198ffcdaf41a7f34c92da3e985039220530d5f250ac7b910d2c4dd0743fa2cc102a6edc23888349664013856

    • SSDEEP

      3072:bMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRHD:o9MMmwzlqUHoeWofjjpAViY/lH6h+Evj

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks