General

  • Target

    bc0af905eed914bcea2b1b7261e997a8_JaffaCakes118

  • Size

    384KB

  • Sample

    240823-re7vsa1clq

  • MD5

    bc0af905eed914bcea2b1b7261e997a8

  • SHA1

    dd56f55bc2c7446de5d2219ccd6222a8b6a850b4

  • SHA256

    8a36ff11648220c798c28391b52cfda3834716696b4030a9262d018c9e4b9e96

  • SHA512

    109513cc1d9c480df055597a5b76fc58cd9dbb3e1528658f7896a4ffef092e66d8297a8c2f22b88bd6eaa581f8173c950cbe43b5cd840d1bf7be8d4298b1d2f0

  • SSDEEP

    12288:KPdK4bgeK8VL5TKjb31wgxllhz7G60i2qvyOX:KPBjK8VlYb3P9FL

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
