Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    132e8cd119870241be412d452d4662e4_JaffaCakes118

  • Size

    409KB

  • Sample

    241004-nnqfbawbqf

  • MD5

    132e8cd119870241be412d452d4662e4

  • SHA1

    aa191f72095e759241e70a261f784873eb1b5a0a

  • SHA256

    3ed3fe4f01db454e07b34c9354876184d09a4c8bc6b8fd038c982f3bb3354039

  • SHA512

    3bd31fd2d6eca324eef1457f2f7c85921a4e7162c5d14baf9dcf33aed1967318d042b20063741a922bcb8b485651c38b3f9c546b44c24e836c2882a87c719636

  • SSDEEP

    6144:tNRP42rmnG6yu0gvQ/ExKucH+fOkEXRTrC6kpitmdD01L6:tNm2rmG20fRucH+fOkEXRTrC6/mdD0w

Malware Config

Targets

    • Target

      132e8cd119870241be412d452d4662e4_JaffaCakes118

    • Size

      409KB

    • MD5

      132e8cd119870241be412d452d4662e4

    • SHA1

      aa191f72095e759241e70a261f784873eb1b5a0a

    • SHA256

      3ed3fe4f01db454e07b34c9354876184d09a4c8bc6b8fd038c982f3bb3354039

    • SHA512

      3bd31fd2d6eca324eef1457f2f7c85921a4e7162c5d14baf9dcf33aed1967318d042b20063741a922bcb8b485651c38b3f9c546b44c24e836c2882a87c719636

    • SSDEEP

      6144:tNRP42rmnG6yu0gvQ/ExKucH+fOkEXRTrC6kpitmdD01L6:tNm2rmG20fRucH+fOkEXRTrC6/mdD0w

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks