Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    145fef85c878f425d4ce9cd0dda21528_JaffaCakes118

  • Size

    16.2MB

  • Sample

    240504-zcaq9sae6y

  • MD5

    145fef85c878f425d4ce9cd0dda21528

  • SHA1

    2dec292c5e93c3284c1b0f14408dd42bfc0167fc

  • SHA256

    034fe030f12edbc41527f20a5a29731b833101117973b723e7fb816458ee44ad

  • SHA512

    d663e3c5db06ba610109e2fed924480f2f130c666fe55be6552ea8a9eb93cc8184ab3de8a10b8ecd41dda26e41905605a44d61e49fd08c079dccc522afdc90c4

  • SSDEEP

    98304:XX77GBfWZ5KYOXwnS4rVQSoYOXwnS4rVt3:vGBfWZJIz8IE

Malware Config

Targets

    • Contacts a large number (746) of remote hosts

      This may indicate a network scan to discover services running on remote hosts.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks