General
Target: 61c07b94aa1b119e673c69838173ec9b_JaffaCakes118
Size: 2.0MB
Sample: 240521-cyrwcafd4w
MD5: 61c07b94aa1b119e673c69838173ec9b
SHA1: fff5dc6b40eedc988c615538c1bf2b03bb187680
SHA256: daeabb4f77670f7b24e89bf05e25bd5d17c5679fb6f3fa5baee1ba2d27ae9220
SHA512: f3758568f3706bf9c89e74669b472f1853a5d0694af4e2bb466154f1a9ba0ce75b0ad1a0b9cb3c0a60a81b96a758e4a4c80e1f60d93982ee98d13ff7b3f1f988
SSDEEP: 49152:cUwT0VCJYbHkap4puMVV+cNOQTkcUK77ny+A+hAC/PjyOiPmYa/imLQbf:0WK+HfVUxOQTkRKXdA+JzyOYmFVQbf

Behavioral task: behavioral1
Sample: 61c07b94aa1b119e673c69838173ec9b_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Targets
Target: 61c07b94aa1b119e673c69838173ec9b_JaffaCakes118

Blocklisted process makes network request

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.