General

  • Target

    004102493fba2aae71e3bf9ef44c4bf4_JaffaCakes118

  • Size

    136KB

  • Sample

    240426-h2j8kabe27

  • MD5

    004102493fba2aae71e3bf9ef44c4bf4

  • SHA1

    9a27834eb538ea041fc170ed4e1179b9d3ad94f1

  • SHA256

    db22ed4059ac26c750bd0894b92cf9a30ca2c0ecf4ab572dd7c8f59d973188d8

  • SHA512

    18015ca7327e8f919338960016ee33927eb5e5b1a156a7449e6709898d2268ae8abc00f0c3511501a4224777789ca519752a6631cf79190fc42ef99c466460fa

  • SSDEEP

    3072:NJmGKw0BiaynVRDwFwaSNDe1Fclgr+0StmnJza3yD/C8:+1w0Bfjwve1FbRWmYiZ

Malware Config

Targets

    • Target

      004102493fba2aae71e3bf9ef44c4bf4_JaffaCakes118

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
