General

  • Target

    efc09f1ce935207aacc213fbf8102830_JaffaCakes118

  • Size

    384KB

  • Sample

    240921-n8h7qs1dla

  • MD5

    efc09f1ce935207aacc213fbf8102830

  • SHA1

    3facddd0cb336d4746c8a3586ef3190fc60bd18f

  • SHA256

    e35221782e3ff5e34e3ec45d7e8080b03e7ddbcf2a4df4f3998a7f37b876a25d

  • SHA512

    4bb1c224e6887879262d072bdcfb1471af9b79c13d62300398d72bc38a4b12d940113c916c8fdd0828de49bbf1af181ce2da00353e775814c4e9692b7cd6c0d6

  • SSDEEP

    12288:KPdK4bgeK8VL5TKjb31wgxllhz7G60i2qvyOY:KPBjK8VlYb3P9Fk

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
