General

  • Target

    JaffaCakes118_36dabf92182637e44a836e7c785d9497

  • Size

    135KB

  • Sample

    250301-fj1fqa1qy4

  • MD5

    36dabf92182637e44a836e7c785d9497

  • SHA1

    b54c0444c159b71e5249c62040966573e14059ec

  • SHA256

    22c8b997df90907fd0cd7b2f3691d7b58452b9d439c9ff6225cd464a562f399f

  • SHA512

    02471b1c6483d7c7ca212d5e57448f72b9a1c30d5a81a8186f7bb474f7343c9f9e72a65d8035d28a10ace18f0569cbb5778a4a60ec6f12c252ad8c2d6ede676b

  • SSDEEP

    3072:umpgkSINDT1VFQAPdPWl6qDwG6+szHyRSTizPKq:n37XVrPtWl6dCs6Sk

Malware Config

Targets

    • Target

      JaffaCakes118_36dabf92182637e44a836e7c785d9497

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: the boot code in the first sector runs before the OS loader and its security controls, so it can tamper with what gets loaded while leaving the partition table intact.

    • Drops file in System32 directory
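The "Writes to the Master Boot Record (MBR)" signature above is the one a responder would want to confirm on disk. The following is an added triage example, not code from the tria.ge report or from the Gh0st RAT sample: it parses a 512-byte boot sector (boot code, disk signature, partition table, 55AA signature) and compares the boot-code hash against a known-good baseline. The baseline hash, the partition layout and both sample sectors are constructed inline for the demonstration; the baseline in real use would come from a clean image of the same host.

```python
"""MBR triage: parse a boot sector and flag boot-code changes.

Added example, not part of the tria.ge report. The golden boot code,
baseline hash and sample sectors are constructed here for demonstration.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: executable boot code
DISK_SIG_OFF = 440       # 4-byte disk signature followed by 2 reserved bytes
PART_TABLE_OFF = 446     # 4 x 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code, disk signature, partition entries and boot signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba_start, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:           # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "valid_boot_signature": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def mbr_findings(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_boot_signature"]:
        findings.append("boot signature is not 55AA: sector is corrupt or overwritten")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        # Classic bootkit pattern: boot code rewritten, partition table left intact
        findings.append("boot code differs from golden image: possible bootkit")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings


def make_sector(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR for the demo (not a real disk image)."""
    sec = bytearray(MBR_SIZE)
    sec[:len(boot_code)] = boot_code
    struct.pack_into("<I", sec, DISK_SIG_OFF, 0xDEADBEEF)   # constructed disk signature
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sec, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sec[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sec)


# Constructed "golden" boot code: cli; hlt; padded with nops (not real Windows boot code).
CLEAN_BOOT_CODE = b"\xfa\xf4" + b"\x90" * (BOOT_CODE_LEN - 2)
CLEAN_BOOT_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
# Constructed layout: one bootable NTFS-type partition and one data partition.
PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 4096000)]

CLEAN_MBR = make_sector(CLEAN_BOOT_CODE, PARTS)
# Constructed "infected" sector: boot code replaced, same partition table.
INFECTED_MBR = make_sector(b"\xeb\x3c\x90" + b"\xcc" * (BOOT_CODE_LEN - 3), PARTS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, mbr_findings(sector, CLEAN_BOOT_SHA256) or ["no findings"])
```

On a live case the sector comes from the first 512 bytes of the physical disk image rather than from `make_sector`; hashing only the first 440 bytes matters because the disk signature and partition table legitimately differ between otherwise identical installs, so a whole-sector hash would raise false positives.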

MITRE ATT&CK Enterprise v15