Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    02b7ff64c6ab85ea4fd39a8e082c282a_JaffaCakes118

  • Size

    14.2MB

  • Sample

    240427-h9l25aed8t

  • MD5

    02b7ff64c6ab85ea4fd39a8e082c282a

  • SHA1

    d6a1a0e0cd651de2ec4b0ad0753513a30c37e358

  • SHA256

    ece34d78b747a27cefa8fb81b4a68b29f341096e65c065d7af29d14f671f281c

  • SHA512

    7ba0878687286ad67cd6ffbc1bac77b7da16e1d804817429f6685d979a0d14dcffd21675134b99771bc7613b585db0ca1033c96faa26aafd3a4f062a16ea453c

  • SSDEEP

    196608:Ta9+6Y7SOEibgRNKube8Kvla9+6Y7SOEibgRNKube8Kv8:TFgRMFgRJ

Malware Config

Targets

    • Target

      02b7ff64c6ab85ea4fd39a8e082c282a_JaffaCakes118

    • Size

      14.2MB

    • MD5

      02b7ff64c6ab85ea4fd39a8e082c282a

    • SHA1

      d6a1a0e0cd651de2ec4b0ad0753513a30c37e358

    • SHA256

      ece34d78b747a27cefa8fb81b4a68b29f341096e65c065d7af29d14f671f281c

    • SHA512

      7ba0878687286ad67cd6ffbc1bac77b7da16e1d804817429f6685d979a0d14dcffd21675134b99771bc7613b585db0ca1033c96faa26aafd3a4f062a16ea453c

    • SSDEEP

      196608:Ta9+6Y7SOEibgRNKube8Kvla9+6Y7SOEibgRNKube8Kv8:TFgRMFgRJ

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks