Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fe793af48ea5f6a280b870e90d3ac04c_JaffaCakes118
-
Size
270KB
-
Sample
240929-n3n6sswhld
-
MD5
fe793af48ea5f6a280b870e90d3ac04c
-
SHA1
31ea595d97f612905124203dd1c1d7c5fa902415
-
SHA256
962a22738f293250720a92b9a81ba199d144f3b6cf646f6e97151696f6e38756
-
SHA512
cbb213fb49fee2c345a4ba5763c3be3ff53474d864dda2fdd549ffd37d18363a9f33fe62907dd2b5db7de98b02d0b5db31b931d21ce0976e3a9c22ad879b0f17
-
SSDEEP
6144:eOnRyfNFO0HR7Wu55Onn+VI3zMJ79Wm0fvxT6/eaZ:eI8fNBHlV5I+coJZ+5G/l
Malware Config
Targets
-
-
Target
fe793af48ea5f6a280b870e90d3ac04c_JaffaCakes118
-
Size
270KB
-
MD5
fe793af48ea5f6a280b870e90d3ac04c
-
SHA1
31ea595d97f612905124203dd1c1d7c5fa902415
-
SHA256
962a22738f293250720a92b9a81ba199d144f3b6cf646f6e97151696f6e38756
-
SHA512
cbb213fb49fee2c345a4ba5763c3be3ff53474d864dda2fdd549ffd37d18363a9f33fe62907dd2b5db7de98b02d0b5db31b931d21ce0976e3a9c22ad879b0f17
-
SSDEEP
6144:eOnRyfNFO0HR7Wu55Onn+VI3zMJ79Wm0fvxT6/eaZ:eI8fNBHlV5I+coJZ+5G/l
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-