General
Target: 2a3f7f15ae8521504021f70d028c4b3d_JaffaCakes118
Size: 362KB
Sample: 240329-xp9d9agb74
MD5: 2a3f7f15ae8521504021f70d028c4b3d
SHA1: 78130866eeaa2cc64fbdee360f18895058a81cad
SHA256: f1b4a215a84e80e11e558a5c995fd05fe34838aacf38763ca11d5714f4f63091
SHA512: 05479fc0547c006d5fa39a12405433ac575dd5f7db00bc11176f1800ac70c7cc272a7d9aa8c5029e7949c766462441310de906c9503739fbe176ea2ede65751a
SSDEEP: 6144:rR7PBeJA8J4bTXax4cK0jzzbRe8t35h6DUEVtI7j2:RPB/Wjde8tJhOUEtC
Static task: static1
Behavioral task: behavioral1
Sample: 2a3f7f15ae8521504021f70d028c4b3d_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: netwire
- globalpersonaldns.ddns.net:54984
- personalpractice1.hopto.org:54984
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: clients
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex: vQSrxiLN
- offline_keylogger: true
- password: checkmate123
- registry_autorun: false
- use_mutex: true
Targets
Target: 2a3f7f15ae8521504021f70d028c4b3d_JaffaCakes118
- NetWire RAT payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext