General

  • Target: 3808e7514decc8b947582ca9439c3cfb_JaffaCakes118
  • Size: 7.1MB
  • Sample: 240512-d3anased6s
  • MD5: 3808e7514decc8b947582ca9439c3cfb
  • SHA1: e45077df2568050fddf59e3cbe5515672579cac2
  • SHA256: 4177896c930119f07b65ac86de3d2aad4499844edf3080908f33e31df343c90a
  • SHA512: 981d0ec4554e1546ed70ee1c1833caf4960bf35b41752a36145b17af0bf3f5b5a6f02359adbdb4b85199291f6e75f3fe304a305cd6052806b953cf3b4ce8e261
  • SSDEEP: 196608:Bo9Z75gakv4wQFn3mURXtngyZY0mNq7qyWg7:WZdDbFn3tts0mNyl7

Malware Config

Targets

    • Target: ywsj_20150311/9553下载站.url
    • Size: 123B
    • MD5: 641b7bd2fb28a200dc63636c8a42e01e
    • SHA1: 983ce619412387b4fd1eea0b0aea10c76da823a0
    • SHA256: 84b4b4fb5d876f65f02375bf947a3f29fa230b2f3e456c672029453c35f7bf9d
    • SHA512: 2cbb10b153f9c33b0e0965ef5e4208a91f29254c22a1599c33359056b1c0318dabf05c88d2ff79360ec589a6e23f73864321c0b05ea67fb5228c800205ed9757
    • Score: 1/10

    • Target: ywsj_20150311/余味视距20150308/Common.dll
    • Size: 4.6MB
    • MD5: 327732d1b313815dc5e53ed94515fb42
    • SHA1: e4d8c36464acab55ef2c8161754c734a992f79a0
    • SHA256: af6f9285d775df9d78850eccea0a61371f3499561d44f8b8d09977fe409d86f2
    • SHA512: e74fb6379590ae77fba2df22373ca626137be6d5f64a68050f4f2cf69b4fc0f09b13389dd2aa34e45d28f516c6eccd70df909270953d2f0d785595233ed376b2
    • SSDEEP: 98304:HFZ32cG8vdluGj0bopo6NDJelBkp11oRvyXjSgGjs0rYtVMfs+B2hi:lZHGUdluG0o2ADeBy8Rvy2gNyGME+O
    • Score: 7/10
    • Loads dropped DLL
    • VMProtect packed file
      Detects executables packed with VMProtect commercial packer.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: ywsj_20150311/余味视距20150308/Update.exe
    • Size: 219KB
    • MD5: afff3539e509b2d9e9d29aa0c21a1962
    • SHA1: 9c76d70fa9be4cf946e0af55edb522b95770d203
    • SHA256: 314624a2850196562f33df1163942f9916b52e02ecad82fb9620e14f4c1b1913
    • SHA512: e31b4786a77d9a3a09380bd432bc257b29be3f1353aa18fd0ca889c18ea00f13cca6f4cf28b5f5a4c7395bcd29b21ad377db7bf43e0986dbe528be6039c6254d
    • SSDEEP: 6144:3vNhc9TZvYTiZTkic2nxlKkrJ+rHMtoS2lc:VSlwYLcAN+rHMtoSuc
    • Blackmoon, KrBanker
      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.
    • Detect Blackmoon payload
    • UPX packed file
      Detects executables packed with the UPX or a modified UPX open source packer.

    • Target: ywsj_20150311/余味视距20150308/iYuwei.dll
    • Size: 2.1MB
    • MD5: 3bdb92b38bdc6a5702ec1454534d0951
    • SHA1: 9276b0c8de889744fcdf34e7c81e158830b8bcbb
    • SHA256: 25ba0f3a0f6ddb0e9b0078640a8a2a2bf7e8948e0579d2080379debc8a272681
    • SHA512: cff7a9033f7a141f52f0ad3152e97a5313f1185669d9e6da4d60a68602c6a1af3ec5250e1c39ea328758419e5d0a826bb5085f3e96fa4019f3c5c2e586f1c35f
    • SSDEEP: 49152:TFaPO+wdxES1YkPLCenZ05J8bIKSQ9uiij4DoUp5Z6ZsuVxzVYyIJaczFwx:TMGLd51YkPu4cJMGBj4DhDZANxBYts
    • Score: 1/10

    • Target: ywsj_20150311/余味视距20150308/补丁.exe
    • Size: 744KB
    • MD5: 10620a07d7cf9c9a3a5362003090df32
    • SHA1: e2069c79c2153be71ad188b903d84c3a93ce75c7
    • SHA256: ce7a7b04cc921be70f18a4481e89d708b661111a3473b0a0d42c9ce4895452c1
    • SHA512: 58959e7a3a7f347796188650175ffc58046394f12f1cb09fea5155d878ca4ce9ded11025f2cc3177d315b2d7610d30fffcc837c0fe216aa05a0700bcc4af796f
    • SSDEEP: 6144:kOwFVlnrmgDMSRG55pQho1A36IgG5dVfu4u+r6cmquNnIcalQ6UWJBZI/Qs4S5aj:kdFxdRG55yuIm4trCb4zJBmZz8pibQ
    • Score: 3/10

    • Target: ywsj_20150311/游戏攻略教程 - 9553资讯.url
    • Size: 122B
    • MD5: 6c97c03731681ea365b4ff506b11f1e5
    • SHA1: 9dcebc174df51e21cbf7d21177b22b14092a42b4
    • SHA256: 3b8c8cd12f2fc581a777310d893116c7a89cfff9037ea79d0d5ba67161d44ae6
    • SHA512: 6b61a12f9eab3e54c1496a29d1f23a3687df7111f20393a6e4632c4c8cb169dc53c8f458abb5ef4c97bad394c73862ab9861f8ee3cfc8c683c8eb8141eaac86c
    • Score: 1/10

MITRE ATT&CK Enterprise v15