Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
37a9d80141dc56998cfc13f109a9956e_JaffaCakes118
-
Size
6.0MB
-
Sample
240512-ce9l2sbc2t
-
MD5
37a9d80141dc56998cfc13f109a9956e
-
SHA1
a1d05a4aec8a1c7cad8b50035af02eb747768f22
-
SHA256
3f3ba14bea218faacacf00b1c4ca9215c4fe0eb779a8748e444e736414081169
-
SHA512
8665f688017e5aed201aff39a457a6acdc4d61277d345c66a9481234aaeb804a93784a17a2182a9de44ec218d21c4a33f03519939c96a40a47673b6445186c20
-
SSDEEP
98304:mXz+dJwx89VNpI4BIXaLkoDeuFY2hqszgtpVWm9I5pp0giCvMR+Qhmo:+K8x89VQeIXaLkIJFZDMVr8k9R7
Static task
static1
Behavioral task
behavioral1
Sample
37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
37a9d80141dc56998cfc13f109a9956e_JaffaCakes118
-
Size
6.0MB
-
MD5
37a9d80141dc56998cfc13f109a9956e
-
SHA1
a1d05a4aec8a1c7cad8b50035af02eb747768f22
-
SHA256
3f3ba14bea218faacacf00b1c4ca9215c4fe0eb779a8748e444e736414081169
-
SHA512
8665f688017e5aed201aff39a457a6acdc4d61277d345c66a9481234aaeb804a93784a17a2182a9de44ec218d21c4a33f03519939c96a40a47673b6445186c20
-
SSDEEP
98304:mXz+dJwx89VNpI4BIXaLkoDeuFY2hqszgtpVWm9I5pp0giCvMR+Qhmo:+K8x89VQeIXaLkIJFZDMVr8k9R7
-
Vidar Stealer
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-