Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_385e647581c6f296b0b181d5c709b8fc
-
Size
184KB
-
Sample
250301-l8es7sypt4
-
MD5
385e647581c6f296b0b181d5c709b8fc
-
SHA1
5c934308b7bae9176cf3f84ceb7516f2b65a06ea
-
SHA256
b6ad56593921d5a26cfbda1cad5743d267522cb3d664cf90b758c6ebb2391d1f
-
SHA512
80191bcf09cd936b1b7f639d1979f2550114a3117da7863d979cd394612666d775e67f7c448078c684e12841ef66e8b2f92d9555eb86dcaabae75cd5479c8479
-
SSDEEP
3072:htZBk6WsJ7vNnSXgoO0FI0jwW9rZ3AiefzpTz3k7fwdo+:jZBk6WsJ74Jjv9BAiefzpTz/do
Malware Config
Targets
-
-
Target
JaffaCakes118_385e647581c6f296b0b181d5c709b8fc
-
Size
184KB
-
MD5
385e647581c6f296b0b181d5c709b8fc
-
SHA1
5c934308b7bae9176cf3f84ceb7516f2b65a06ea
-
SHA256
b6ad56593921d5a26cfbda1cad5743d267522cb3d664cf90b758c6ebb2391d1f
-
SHA512
80191bcf09cd936b1b7f639d1979f2550114a3117da7863d979cd394612666d775e67f7c448078c684e12841ef66e8b2f92d9555eb86dcaabae75cd5479c8479
-
SSDEEP
3072:htZBk6WsJ7vNnSXgoO0FI0jwW9rZ3AiefzpTz3k7fwdo+:jZBk6WsJ74Jjv9BAiefzpTz/do
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-