General

  • Target

    JaffaCakes118_3cfa0e6866f2919907781cdc7a7133e9

  • Size

    110KB

  • Sample

    250127-hltgaswndv

  • MD5

    3cfa0e6866f2919907781cdc7a7133e9

  • SHA1

    163c138189596f4b8053c341283cb382732cbec8

  • SHA256

    dfe9db1da244e566f45050b88078763e5e39ecd3a4496bbc717629da04fbfc8a

  • SHA512

    8362b917813c030be94e2e45c2a87e89ae9c41102b8fe0d6090af7395319a97e0914d9beb551c2879791d08329c53258b1b1703dbd1aff7657aea166ac796b98

  • SSDEEP

    3072:8EXI1SyGRjgp1gl5IRXlmAUW5NiWEHaTAwTw+spbxY1:JX0SyGRjgpCl5IRXEAZ30HQPw+a2

Targets

    • Target

      JaffaCakes118_3cfa0e6866f2919907781cdc7a7133e9

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Loads dropped DLL

    • Drops file in System32 directory
