General

  • Target

    418a345985b3014859baebf1fb029ae8_JaffaCakes118

  • Size

    104KB

  • Sample

    240514-pzg4ragb63

  • MD5

    418a345985b3014859baebf1fb029ae8

  • SHA1

    0eb5e89db92c78699f15d66c6adbedf52225c3c2

  • SHA256

    b31f4aeb39edab45b99780aebf98451f2b9a045bb42814d2f0b3458ff2a3995d

  • SHA512

    aea4ada28c2392728b18e269698e8b5e6ede1fb4a413e287cc0b17dd315a978f5e5cc9ab3402e734af207eb15ac0af4025849b5d930b1c78e54b00396a3c6f4b

  • SSDEEP

    768:qY0Kk0AP0UM/ikfJ+1bmamD+OlQncbNyywqx2grUX7TUi:X1AP017B+1bP+jQqUqnrFi

Malware Config

Extracted

Family

guloader

C2

http://rudraagrointernational.com/cgi-bins/bin/98kksjh.bin

http://cassiagumrefined.com/css/animates/bin/98kksjh.bin

xor.base64

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks