General
Target: f9a0a69dae75508adc7486cbc89e60c7_JaffaCakes118
Size: 839KB
Sample: 240419-gf4jmsac59
MD5: f9a0a69dae75508adc7486cbc89e60c7
SHA1: fc9b041f93e6276e3a7a11fc79f446a469cfbaa6
SHA256: cc3635e8f69d39427f470f0c6a687e88ea006c70077601177dd0852778d2ad08
SHA512: c7b5cdae9720b14802a36db2c3098c3e93160dd31a1b3913245b986b5f482c9ad4e575c187abe9464c51bcaf4c13e9ddf881129781b18e7f0ff698950dc7a0b2
SSDEEP: 24576:PemdDdKiP7mjxRdIEkt1wbFsA9vT7YiEwxkdV:P3TCjxRjkhoT7BE1
Static task: static1
Behavioral task behavioral1: sample G_Client.exe, resource win7-20240220-en
Behavioral task behavioral2: sample G_Client.exe, resource win10v2004-20240412-en
Behavioral task behavioral3: sample G_Server.exe, resource win7-20240215-en
Behavioral task behavioral4: sample G_Server.exe, resource win10v2004-20240412-en
Malware Config
Targets
Target: G_Client.exe
Size: 827KB
MD5: 56bebeecc213c2cd6bfe37679ebf1645
SHA1: 54c661267b4dc1b6553ca1a49043a13fb13c4ee9
SHA256: bfebd4407e311f16db8b99f06429fa358311e5eb555d2565c3494cf90d9081df
SHA512: 9cb57d4eb59403b8c70c6b630d1588e928b7ca3321023309efb171df2284308161bfbdbfadc6f6fe63a637385431da6a6a418401c613f41bd2bbcc71e0def12c
SSDEEP: 12288:vzFCPb3dtAb6uZovzf/FvzzI38jwZzN86zXxlYzGgSqsNy2anwWh5A:vzWtt1uZovz37jDCPYzGg4u3
Score: 3/10
Target: G_Server.exe
Size: 388KB
MD5: 16c8a6096c6a55b0f1ac09b9882ee7b0
SHA1: 48840eb1d44b376479553c99e33d1020b8031c66
SHA256: 83f4acc7f2125e46ec8a6a9f205a1340f93322a1a8812ba75db41bd71e606a13
SHA512: 89767fad311f15a6a03a8e966651b874d146ef226d9cb08835a555d42065b7fbe333504d60b33e2783b6d680209a4911950a82b4b936e7d9fd5c3c1bf398e1c5
SSDEEP: 12288:JPgzpWVpdgb8Q2fG3Fd4WxbDCy2anwWhan:PTX+JxbDQu3An
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Pre-OS Boot (1)
  - Bootkit (1)