Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...f6.exe

windows7-x64

10

JaffaCakes...f6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_3681dc5c378c293d1077c0b1dcca38f6

  • Size

    206KB

  • Sample

    250301-d9r6xszk16

  • MD5

    3681dc5c378c293d1077c0b1dcca38f6

  • SHA1

    61c16f01fb2459007fcf7a4bf8f3ca21264019af

  • SHA256

    fb4fb5b37152cdc67cd9926d4dd032a4f90650664462c096587dd8ad832a53c2

  • SHA512

    f4c50b0bf458ba340a97b8f8e86b471a0db81077f7a565894a33f3d1feb452ce6c0b19ee4cbf3dba1791a0c34f5fbbb32cc592161e7d9f3145d38cccdb6dcb00

  • SSDEEP

    6144:/QQA4bNzKa2qDnj2v1+9jz7z82Ih5aE6GDGT:/bb0a2qv2v1+9jzvS/f6GDGT

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_3681dc5c378c293d1077c0b1dcca38f6

    • Size

      206KB

    • MD5

      3681dc5c378c293d1077c0b1dcca38f6

    • SHA1

      61c16f01fb2459007fcf7a4bf8f3ca21264019af

    • SHA256

      fb4fb5b37152cdc67cd9926d4dd032a4f90650664462c096587dd8ad832a53c2

    • SHA512

      f4c50b0bf458ba340a97b8f8e86b471a0db81077f7a565894a33f3d1feb452ce6c0b19ee4cbf3dba1791a0c34f5fbbb32cc592161e7d9f3145d38cccdb6dcb00

    • SSDEEP

      6144:/QQA4bNzKa2qDnj2v1+9jz7z82Ih5aE6GDGT:/bb0a2qv2v1+9jzvS/f6GDGT

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks