General
Target: e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118
Size: 1.4MB
Sample: 240407-ywqq6adf43
MD5: e5c146605f6db0b6e211a2d4cfd6ed98
SHA1: 24e040fdef34bfdaea1ac40b001e5052fa5c6207
SHA256: b6083565ffaf8a2e72c17a29360fa7f75477c6b5fc123f2e5c6f1c06ad49f6cc
SHA512: 300103548a9ac9bdf658d1e2a4e5453493d922372c4982899d1cf66bacd72e8f8b0f0e87a2d71765196b87d749fc13632f712cc1a36a8468aaf2c3e50df1417d
SSDEEP: 24576:p8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKrN0z/d2ew:GJtpx1iErFrLK3F7QojUnHo4Sa0rN0Zw
Behavioral task: behavioral1
Sample: e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted
socelars
http://www.iyiqian.com/
http://www.xxhufdc.top/
http://www.uefhkice.xyz/
http://www.fcektsy.top/
Targets
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops Chrome extension
Legitimate hosting services abused for malware hosting/C2
Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.