Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fe793af48ea5f6a280b870e90d3ac04c_JaffaCakes118

  • Size

    270KB

  • Sample

    240929-n3n6sswhld

  • MD5

    fe793af48ea5f6a280b870e90d3ac04c

  • SHA1

    31ea595d97f612905124203dd1c1d7c5fa902415

  • SHA256

    962a22738f293250720a92b9a81ba199d144f3b6cf646f6e97151696f6e38756

  • SHA512

    cbb213fb49fee2c345a4ba5763c3be3ff53474d864dda2fdd549ffd37d18363a9f33fe62907dd2b5db7de98b02d0b5db31b931d21ce0976e3a9c22ad879b0f17

  • SSDEEP

    6144:eOnRyfNFO0HR7Wu55Onn+VI3zMJ79Wm0fvxT6/eaZ:eI8fNBHlV5I+coJZ+5G/l

Malware Config

Targets

    • Target

      fe793af48ea5f6a280b870e90d3ac04c_JaffaCakes118

    • Size

      270KB

    • MD5

      fe793af48ea5f6a280b870e90d3ac04c

    • SHA1

      31ea595d97f612905124203dd1c1d7c5fa902415

    • SHA256

      962a22738f293250720a92b9a81ba199d144f3b6cf646f6e97151696f6e38756

    • SHA512

      cbb213fb49fee2c345a4ba5763c3be3ff53474d864dda2fdd549ffd37d18363a9f33fe62907dd2b5db7de98b02d0b5db31b931d21ce0976e3a9c22ad879b0f17

    • SSDEEP

      6144:eOnRyfNFO0HR7Wu55Onn+VI3zMJ79Wm0fvxT6/eaZ:eI8fNBHlV5I+coJZ+5G/l

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks