General

  • Target

    JaffaCakes118_632e334cdf2bf8af293ae815ab92739b

  • Size

    387KB

  • Sample

    250311-ezx5vs1ly4

  • MD5

    632e334cdf2bf8af293ae815ab92739b

  • SHA1

    acb86e09d4b829903460890c5464187087ea8b0b

  • SHA256

    2ad9158380d361406f472e19be5387920f147288951022145bd0999d9ae183b3

  • SHA512

    fab8e42771a483e7722fae4ec0cd256192cd7613e11fd52a49d741379e6e2b1e26b468393f1d68bf853b442fca260327171b94985d0054858ef8970eeeaab488

  • SSDEEP

    12288:e2bGl7HnLFagg+anw7RxEQxEX60CPwAlto:5bGl7HLng3nARiQx460C4Kt

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
