General

  • Target

    f742a33fcbf2320f16d1bc9ed77c4142_JaffaCakes118

  • Size

    436KB

  • Sample

    240418-e1k7paah65

  • MD5

    f742a33fcbf2320f16d1bc9ed77c4142

  • SHA1

    91404bc7bdfbd38c8ba8b1e443c93e9889ad6db6

  • SHA256

    b8c2d66141a7bc1c2e91bf31ea61c6dd9c3cfaac436bd51f8f54f6b8b2831822

  • SHA512

    80deef118f8b6059b1a033faf474faf8de4e03ee2fb55e53e4776ca13798ea0443b41d7b62ff17536ed47d1fd255225255e4161aac96bde751c3cf48fb89075f

  • SSDEEP

    12288:6y6ff3Sz70R4aHPuWV30jDQNvBc15su/:6pf3SnatHW4wOvBqsK

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
