Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fb106c1064...18.exe

windows7-x64

10

fb106c1064...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb106c106461faf06f42bfe1f834b0c7_JaffaCakes118

  • Size

    376KB

  • Sample

    240927-22atnsthkm

  • MD5

    fb106c106461faf06f42bfe1f834b0c7

  • SHA1

    fd12d87ec3906ddb708d5b365b1d529a2496f7c1

  • SHA256

    21b9395b7c75f593218910fe8098c5883364c7a70e5cbae19c26410f3bc2c40e

  • SHA512

    21d1b2ae33e5793bbf063882a31a32e55abd6796399585d5e2874ecbd2bd6121c2a86c5e6343efd899a753382ae8a11f5c6e4a8becb8338c2094a19fba1c956a

  • SSDEEP

    6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphN:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRy

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      fb106c106461faf06f42bfe1f834b0c7_JaffaCakes118

    • Size

      376KB

    • MD5

      fb106c106461faf06f42bfe1f834b0c7

    • SHA1

      fd12d87ec3906ddb708d5b365b1d529a2496f7c1

    • SHA256

      21b9395b7c75f593218910fe8098c5883364c7a70e5cbae19c26410f3bc2c40e

    • SHA512

      21d1b2ae33e5793bbf063882a31a32e55abd6796399585d5e2874ecbd2bd6121c2a86c5e6343efd899a753382ae8a11f5c6e4a8becb8338c2094a19fba1c956a

    • SSDEEP

      6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphN:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRy

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks