General
-
Target
5ac4dea299a0dc62ea0541579aa36f37_JaffaCakes118
-
Size
34KB
-
Sample
240519-wzszksbd8s
-
MD5
5ac4dea299a0dc62ea0541579aa36f37
-
SHA1
e36ec58c23f79a3b907a075d7a835d8ebf17c495
-
SHA256
1428f978e5b7c6ce39a2676666f0bc7697415b02fe3bd6015112a5b1911738aa
-
SHA512
c6c9e922f412882a1a363c62639f4f6555ecfd0f14b66d15c44f678b22f8e0f4ef229b0e6d98b20fb022c5475870719e2f7a56fe877a991b866f0be3f909e827
-
SSDEEP
768:FpozStqL29wJLaHZ0hsnl+woo9n+6nbcuyD7Uvccpr:Fvt24pLnBnouy8vccpr
Malware Config
Targets
-
-
Target
5ac4dea299a0dc62ea0541579aa36f37_JaffaCakes118
-
Contacts a large (8962) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder
-