Resubmissions

29/04/2024, 17:58

240429-wkjscsgg46 10

29/04/2024, 17:54

240429-wg64gshb2s 10

General

  • Target

    08448a94a9c69ba7c6282108561036d4_JaffaCakes118

  • Size

    512KB

  • Sample

    240429-wkjscsgg46

  • MD5

    08448a94a9c69ba7c6282108561036d4

  • SHA1

    5abda980f646bd60457869f9aef8ba1e1dde024c

  • SHA256

    a837b91aedefd4a62d7785a29b42ed3bfb6a9b1e18776e740a51905a21c8ce66

  • SHA512

    4addb089a8c7875b7c09bfa6d9b0a153a659d0b0213e6ab69e11c92dbc61accc42b1c2606b0d1de2abac62e82c23643adea8abe664d6f768ffa8fa585a8d4921

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6/:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5W

Malware Config

Targets

    • Target

      08448a94a9c69ba7c6282108561036d4_JaffaCakes118

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks