General
Target: 06b1715f53fe4a47855f4f0e271993a1_JaffaCakes118
Size: 161KB
Sample: 240429-dn32asgd36
MD5: 06b1715f53fe4a47855f4f0e271993a1
SHA1: 617e8d74ffa767ea3ed074b687c160e16f73d7c5
SHA256: 7285e27e75014a54a04eec4c0497b8c7c2b9dc7f5be99a65511733c33105d6c0
SHA512: 0aaebc04bcc63b5d6138d7a135dbf6503f66a972b708e5790cf0330999ab8ca714300720988ea4a49cf616a0b7700bd1676132ad36fa0a16250a2121e405f679
SSDEEP: 3072:tTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKndI:tTLFuD6fOXlql/GLJrqqndtndhndKndI
Behavioral task: behavioral1
Sample: 06b1715f53fe4a47855f4f0e271993a1_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
pony
http://butterchoco.net/admin/bull/gate.php
Targets
Target: 06b1715f53fe4a47855f4f0e271993a1_JaffaCakes118
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.