General
- Target: 7e325204fdaa3d9a4be3facd66a01bf9_JaffaCakes118
- Size: 1.1MB
- Sample: 240528-yl22fahh3x
- MD5: 7e325204fdaa3d9a4be3facd66a01bf9
- SHA1: 72ae942dbdd61ab7256bac03a71c2f6488c4f381
- SHA256: dfedae8d3b13ad57c1ce0abcccc3578c411e890fde8c118c64aa7b1564aeead4
- SHA512: e91f5a3a8fd3e6800454eeba81c6489c3097d00f18e3126c036307f0d6909e91e618d26340fcadf4c7fc61a632f9fede8a8573f6712a3ad0f4d85b28ee834865
- SSDEEP: 24576:yAHnh+eWsN3skA4RV1Hom2KXMmHaCfIGCImN5:1h+ZkldoPK8YaCy
Static task: static1
Behavioral task: behavioral1
- Sample: 7e325204fdaa3d9a4be3facd66a01bf9_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Extracted: netwire
- checklewis.ddns.net:3361
- activex_autorun: false
- copy_executable: true
- delete_original: false
- host_id: HostId-%Rand%
- install_path: %AppData%\Install\Host.exe
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex: qbpWIrEm
- offline_keylogger: true
- password: Password
- registry_autorun: false
- use_mutex: true
Targets
- Target: 7e325204fdaa3d9a4be3facd66a01bf9_JaffaCakes118
- NetWire RAT payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext