General

  • Target: JaffaCakes118_66a3465502ceef6514b81cda65af97ea
  • Size: 88KB
  • Sample: 250311-wvydha1xfx
  • MD5: 66a3465502ceef6514b81cda65af97ea
  • SHA1: dbbd91bd4f5d6dceb9c9fcb7a2cfe37033679fc6
  • SHA256: 7ab5a4963454c799cc1149b38d9b26fa816cfdf938169879b431723f863a44d1
  • SHA512: 60a0fee518ea398651f232e76e668b2dc09d83cfe6a14cc83bcfb873c318e35bee47ec4ba3d3f68991d5baa41fb8a621d662fc87fc6de60a3df5cb2701bb31b3
  • SSDEEP: 1536:ALXB65939tY6HBg4sXJXivNF3NT9672dY7LVF3+PwiFqIbdwV4HRwBxya:ALk395hYXJyFpVSTz+NdwyRQca

Targets

    • Target: JaffaCakes118_66a3465502ceef6514b81cda65af97ea (88KB; the submitted file, hashes as listed under General above)

    • Gh0st RAT payload
    • Gh0strat
      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.
    • Gh0strat family
    • Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

    • Target: 20118404441.exe
    • Size: 152KB
    • MD5: 76d4be5325ab30c36a17d59058a49784
    • SHA1: 94c9e0f84cebe4f418c0e9fd968f8e4b7d5ff300
    • SHA256: 15a152afd9e625e11962c53a7a2c67777df7b5f313d1d22f9f16888f41618328
    • SHA512: 75f5ce2b0f65755f93fd9d50121c172e209597d781c5b6ec020b2593ec9654f3199e243df5c8c5c5d23daa00fba4e42e186e5ff0e80b9c7c4ca156dae7fee55d
    • SSDEEP: 3072:KIp2zGi8A6m7qy2U+moikUvIaLDSGdAjeKEBKLCigD52m:KIp2CE7Ho7UDVdA6rKelT
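A hunt for the two behaviours the report ties together, "Adds Run key to start application" and "Executes dropped EXE" (20118404441.exe), as an added example that is not part of the Triage report or any Gh0st RAT tooling: it parses a `reg export`-style dump of a Run key and flags entries whose program lives in a temp/public directory or whose file name matches the dropped executable named above. The registry dump, the entry names, the suspicious-directory list and the function names are all assumptions made for illustration; only the dropped file name comes from the report.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of what `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# could look like on an infected host. The "Update" entry is the hypothetical malicious one;
# the other two are benign filler entries.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Update"="C:\\Users\\user\\AppData\\Local\\Temp\\20118404441.exe"
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

# File names the sandbox report lists as dropped and executed; extend with your own report's names.
KNOWN_DROPPED = {"20118404441.exe"}

# Directory fragments a dropped RAT commonly persists from (assumption, not taken from the report).
SUSPICIOUS_DIR_FRAGMENTS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
)

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="value" lines; both sides use .reg escaping (\\ and \")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text: str) -> list[dict]:
    """Return [{'key', 'name', 'command'}] for string values under any Run/RunOnce key."""
    entries, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if not current_key or not re.search(r"\\Run(Once)?$", current_key, re.IGNORECASE):
            continue
        m = VALUE_RE.match(line)
        if not m:  # default (@=) values and hex-encoded REG_EXPAND_SZ blobs are skipped here
            continue
        entries.append({"key": current_key,
                        "name": _unescape(m.group(1)),
                        "command": _unescape(m.group(2))})
    return entries


def exe_path(command: str) -> str:
    """Extract the program path from a Run value, handling quoted paths followed by arguments."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def suspicious_reasons(entry: dict) -> list[str]:
    """Return the reasons a Run entry looks like RAT persistence (empty list if none)."""
    path = exe_path(entry["command"])
    lower = path.lower()
    reasons = []
    if any(frag in lower for frag in SUSPICIOUS_DIR_FRAGMENTS):
        reasons.append("launches from a temp/public/ProgramData directory")
    if PureWindowsPath(path).name.lower() in {n.lower() for n in KNOWN_DROPPED}:
        reasons.append("file name matches a dropped EXE from the sandbox report")
    return reasons


def find_suspicious(reg_text: str) -> list[dict]:
    """Parse the dump and return only the entries with at least one reason attached."""
    hits = []
    for entry in parse_run_entries(reg_text):
        reasons = suspicious_reasons(entry)
        if reasons:
            hits.append({**entry, "path": exe_path(entry["command"]), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_REG_EXPORT):
        print(f"{hit['key']}\\{hit['name']} -> {hit['path']}")
        for reason in hit["reasons"]:
            print("   ", reason)
```

On a live host, feed the output of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg /y` (and the HKLM and RunOnce keys) into `find_suspicious`; the directory check catches the common temp-folder persistence pattern on its own, while the name check turns the report's dropped file name into a direct indicator.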
