General

Target: e882a1dd4b17dc254c6480775eacc7bc_JaffaCakes118
Size: 1.7MB
Sample: 240408-1tmmtsch95
MD5: e882a1dd4b17dc254c6480775eacc7bc
SHA1: 0f0b5c5dbc4cd3e02009f774e352808712ed607b
SHA256: fcd0904bb17ffe18d018643fc90e7e02889c529b529a8a88e7c527403874379f
SHA512: bb9675f4a9b37e63163c9d810baa3ed1ec3a192b117543aad85ff9a04b07d6aedd80a6d090e623dd583838287f1aa8f0731627f838508a4dbe4bf044c01857fe
SSDEEP: 49152:fUKc27m5MIBgW8kLYhNI55KYCOqSwh7Q:fUKcTeIJMk+L9
Static task

static1

Behavioral tasks

behavioral1: e882a1dd4b17dc254c6480775eacc7bc_JaffaCakes118.exe on win10v2004-20240226-en
behavioral2: Inespresso.xlm on win7-20240221-en
behavioral3: Inespresso.xlm on win10v2004-20240226-en
behavioral4: Nemica.xlm on win7-20240221-en
behavioral5: Nemica.xlm on win10v2004-20240226-en
behavioral6: Ora.xlm on win7-20240215-en
behavioral7: Ora.xlm on win10v2004-20231215-en
behavioral8: Sara.xlm on win7-20240221-en
behavioral9: Sara.xlm on win10v2004-20240226-en
Malware Config

Extracted family: cryptbot
C2: smainz71.top, moriwi07.top
payload_url: http://guruzo10.top/download.php?file=lv.exe
Targets

Target: e882a1dd4b17dc254c6480775eacc7bc_JaffaCakes118
Size: 1.7MB
Hashes: as listed under General above
Score: 10/10

Signatures:
- CryptBot payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Target: Inespresso.xlm
Size: 872KB
MD5: cf31bde37831552fab013aaf8c9f4be6
SHA1: 159fc03c0d082e6c110afa148e7300354015100c
SHA256: bd6b8c5d28904d2b863702b1903f7a916b1233675e3b2a57330855de90e335cd
SHA512: b3e543eef5d17165aed0b608a32c66149660bdf763f507063304e893d74132e167e3e28df8ff32a0e6dce01d3843a5a5c14a0c6754e131cf82c6efe618ed0c1b
SSDEEP: 12288:8pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:8T3E53Myyzl0hMf1tr7Caw8M01
Score: 1/10
Target: Nemica.xlm
Size: 894KB
MD5: a04bbed6affbcb15ccce225509cd9ca1
SHA1: a7db9bd56c0abeb9c15fc0deae26c445db95073f
SHA256: 27f09926063ca744ba9f0afb85d45df7b4165f757a1ec88a6f68411591c9e005
SHA512: 963ef7669e8b1b3eed613da2edd00abb54d5854d2ec93eafcfafa2eaa9f4766b72edecc37134f59727fe1622b59f435583bcc3eecae500cc1e6a2b703f870aa9
SSDEEP: 24576:LsahnkIOrsrSLe4wP57uKCHvOmTYfSSFVQ8y:bk5s00P5aKOvOFSSFVQd
Score: 1/10
Target: Ora.xlm
Size: 456B
MD5: 18b24f12fdd4bd6d5efb8cfbdb678913
SHA1: f5c907df748cce46ed713cae112c5db4a36ba040
SHA256: 560533a9c03a9ec0befcfe79bbda4af6302b57a567eff87f0a8b74043b427340
SHA512: c2d019d4e6fbdf22809914d8cd15570f9ac64c0f5cb3bdcbcbb346fa3c1082a564926ceb058337f32c6897f0a620203f2d296bae65516a3dc5436cac2098781a
Score: 1/10
Target: Sara.xlm
Size: 648KB
MD5: ba75521f7c6ecec854204a48473fbdca
SHA1: c07e7a94203325034a513e93edd5da776e6546a2
SHA256: 1b20777078d78e8af6cce703229ee3a1d890f5a91e192923a4ef9c6b64336b25
SHA512: 41cb3346993b18a17d395bad25291882cdd2d4b91dce587c4397a8d952e71f6593b13d1c73d6b578c54ac9ba50b93e6c4f4d8247cfc5b5f0546de8f8c94f4a2a
SSDEEP: 6144:I0UV2T1RP49ZEfDGCnafNYS2R74NGSjrhtmrJuiWQvchSgbJb8BdqGsuYZVDuXDX:Z1tEcBQGKrhZiLsdaqTz6KqR
Score: 1/10