General
Target: 418a345985b3014859baebf1fb029ae8_JaffaCakes118
Size: 104KB
Sample: 240514-pzg4ragb63
MD5: 418a345985b3014859baebf1fb029ae8
SHA1: 0eb5e89db92c78699f15d66c6adbedf52225c3c2
SHA256: b31f4aeb39edab45b99780aebf98451f2b9a045bb42814d2f0b3458ff2a3995d
SHA512: aea4ada28c2392728b18e269698e8b5e6ede1fb4a413e287cc0b17dd315a978f5e5cc9ab3402e734af207eb15ac0af4025849b5d930b1c78e54b00396a3c6f4b
SSDEEP: 768:qY0Kk0AP0UM/ikfJ+1bmamD+OlQncbNyywqx2grUX7TUi:X1AP017B+1bP+jQqUqnrFi
Static task: static1
Behavioral task: behavioral1
  Sample: 418a345985b3014859baebf1fb029ae8_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 418a345985b3014859baebf1fb029ae8_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted family: guloader
URLs (the locations GuLoader downloads its encrypted second stage from; note the identical file name on both hosts):
http://rudraagrointernational.com/cgi-bins/bin/98kksjh.bin
http://cassiagumrefined.com/css/animates/bin/98kksjh.bin
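The two payload URLs above and the sample hashes under General are the indicators a responder would hunt for. The script below is an added example, not part of the tria.ge report and not GuLoader code: it takes those indicators as given, derives host, path and payload-file-name indicators from the URLs, and runs them over constructed proxy log lines and a constructed file-hash inventory. The log format, client addresses, file paths and the third mirror host are all made up for the demonstration.

```python
"""Hunt for the IOCs in this Triage report in proxy logs and a file inventory.

Added example, not part of the tria.ge report or of GuLoader itself. The two
URLs and the sample hashes are taken from the report; the proxy log lines,
hosts other than the two in the config, and the file inventory are constructed.
"""
import re
from urllib.parse import urlparse

# Payload URLs from the extracted GuLoader config (Malware Config section).
PAYLOAD_URLS = [
    "http://rudraagrointernational.com/cgi-bins/bin/98kksjh.bin",
    "http://cassiagumrefined.com/css/animates/bin/98kksjh.bin",
]

# Hashes of the loader itself (General section).
SAMPLE_HASHES = {
    "md5": "418a345985b3014859baebf1fb029ae8",
    "sha1": "0eb5e89db92c78699f15d66c6adbedf52225c3c2",
    "sha256": "b31f4aeb39edab45b99780aebf98451f2b9a045bb42814d2f0b3458ff2a3995d",
}


def ioc_sets(urls):
    """Split config URLs into hosts, full paths and payload file names."""
    hosts, paths, names = set(), set(), set()
    for url in urls:
        parts = urlparse(url)
        hosts.add((parts.hostname or "").lower())
        paths.add(parts.path)
        names.add(parts.path.rsplit("/", 1)[-1])
    return hosts, paths, names


HOSTS, PATHS, FILENAMES = ioc_sets(PAYLOAD_URLS)

# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_request(url):
    """Strength of the match, strongest first: 'url', 'host', 'filename', or None.

    A host match also catches other paths on the same distribution server; a
    filename-only match catches a mirror the config did not list, but is the
    weakest signal and should be treated as a lead rather than a verdict.
    """
    if url in PAYLOAD_URLS:
        return "url"
    parts = urlparse(url)
    if (parts.hostname or "").lower() in HOSTS:
        return "host"
    if parts.path.rsplit("/", 1)[-1] in FILENAMES:
        return "filename"
    return None


def scan_proxy_log(lines):
    """Return one hit per log line whose URL matches an IOC; unparsable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        kind = classify_request(m["url"])
        if kind:
            hits.append({"ts": m["ts"], "client": m["client"], "url": m["url"],
                         "status": int(m["status"]), "match": kind})
    return hits


def scan_hashes(inventory):
    """inventory: iterable of (path, algorithm, hex digest). Returns paths matching the sample."""
    wanted = {digest.lower() for digest in SAMPLE_HASHES.values()}
    return sorted({path for path, _algo, digest in inventory if digest.lower() in wanted})


# Constructed sample data: one exact URL hit, one other path on a config host,
# one benign request, one unlisted mirror serving the same payload name, one junk line.
SAMPLE_LOG = [
    "2024-05-14T15:21:03Z 10.0.0.15 GET http://rudraagrointernational.com/cgi-bins/bin/98kksjh.bin 200",
    "2024-05-14T15:21:09Z 10.0.0.15 GET http://cassiagumrefined.com/favicon.ico 404",
    "2024-05-14T15:22:41Z 10.0.0.22 GET http://example.com/index.html 200",
    "2024-05-14T15:23:05Z 10.0.0.31 GET http://cdn.example.net/updates/bin/98kksjh.bin 200",
    "not a log line",
]
SAMPLE_INVENTORY = [
    ("C:\\Users\\alice\\Downloads\\invoice.exe", "sha256",
     "B31F4AEB39EDAB45B99780AEBF98451F2B9A045BB42814D2F0B3458FF2A3995D"),
    ("C:\\Windows\\System32\\notepad.exe", "sha256", "00" * 32),
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['match']:8} {hit['client']} {hit['url']}")
    print("hash matches:", scan_hashes(SAMPLE_INVENTORY))
```

Digests are compared case-insensitively because EDR exports and sandbox reports differ in case. The filename-level match is deliberately reported separately from the URL and host matches so that an analyst can weigh it accordingly: GuLoader configs routinely list the same payload name on several hosts, so an unlisted host serving that name is worth a look, but the name alone is not proof.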
Targets
Target: 418a345985b3014859baebf1fb029ae8_JaffaCakes118 (104KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry Run key persistence)
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread flagged ThreadHideFromDebugger stops reporting debug events to an attached debugger)
- Suspicious use of SetThreadContext (rewrites another thread's register state; the usual way to redirect execution after writing code into a suspended process, as in process hollowing)