General
Target: 841e9227af67d61b8db0d61e56a2674c_JaffaCakes118
Size: 543KB
Sample: 240530-nxbcraha55
MD5: 841e9227af67d61b8db0d61e56a2674c
SHA1: 53570172745634ae234cc5781c4537bfec5931b2
SHA256: c6116c1f7d5326b65000c44e2c690967672a658d6123f8ecb1634277748bebbc
SHA512: c12c17aafbd7d9ce65f7bb067f90ae7a9d1d4b494e2e60ec099b2afbe2d190b8840689217c58bd724fb1706489a063da49e1aa973df10cd6c004fa5af80b8c06
SSDEEP: 12288:cQawNsW7lerECtu4aLgbqu6khVc0qI7oe3gP5WecUa/0TBPf0:cQa+HperrOUj6k7ZqC30tbBPf0
Static task: static1
Behavioral task: behavioral1
  Sample: 841e9227af67d61b8db0d61e56a2674c_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 841e9227af67d61b8db0d61e56a2674c_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: netwire
c2: 79.172.242.87:3305
activex_autorun: false
copy_executable: true
delete_original: false
host_id: Summer
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
mutex: HsOoVGHW
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: true
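The extracted NetWire configuration above gives a handful of concrete host and network indicators: the C2 endpoint, the install path under %AppData%, the keylogger directory and the mutex name. The Python below is an added example, not part of the Triage report, that turns those config fields into matchable indicators and runs them over a few constructed endpoint events. The event shape, the assumption that %AppData% expands to a per-user AppData\Roaming directory, and the sample events are the example's own. Note that the config sets both registry_autorun and activex_autorun to false, so no registry indicator can be derived from it, even though the behavioral run reports a Run key being added; that persistence has to be matched from the observed sandbox behaviour rather than from this config.

```python
"""Added example (not Triage output): derive indicators from the NetWire config
extracted above and match them against constructed endpoint events."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Values copied from the "Malware Config" section of this report.
NETWIRE_CONFIG = {
    "c2": "79.172.242.87:3305",
    "copy_executable": True,
    "install_path": "%AppData%\\Install\\Host.exe",
    "offline_keylogger": True,
    "keylogger_dir": "%AppData%\\Logs\\",
    "use_mutex": True,
    "mutex": "HsOoVGHW",
    # Both autorun options are disabled in this config, so no registry
    # indicator is derived from it; the Run key reported by the sandbox
    # must be matched from behaviour, not from these fields.
    "registry_autorun": False,
    "activex_autorun": False,
}

# Assumption: %AppData% resolves to <drive>:\Users\<user>\AppData\Roaming,
# as on the Windows 7 / Windows 10 images the sample was run on.
APPDATA_PATTERN = r"[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming"


@dataclass
class Indicator:
    kind: str                 # "network" | "path" | "dir" | "mutex"
    source: str               # config field the indicator came from
    value: str
    host: Optional[str] = None
    port: Optional[int] = None
    regex: Optional[re.Pattern] = None


def path_regex(cfg_path: str, is_dir: bool) -> re.Pattern:
    """Turn a config path with a %AppData% prefix into a case-insensitive regex.
    File paths are anchored at the end; directories match any file beneath them."""
    escaped = re.escape(cfg_path).replace(re.escape("%AppData%"), APPDATA_PATTERN)
    return re.compile(escaped + ("" if is_dir else "$"), re.IGNORECASE)


def build_indicators(cfg: dict) -> list[Indicator]:
    """Emit only the indicators the config actually enables."""
    host, port = cfg["c2"].rsplit(":", 1)
    ind = [Indicator("network", "c2", cfg["c2"], host=host, port=int(port))]
    if cfg.get("copy_executable"):
        ind.append(Indicator("path", "install_path", cfg["install_path"],
                             regex=path_regex(cfg["install_path"], is_dir=False)))
    if cfg.get("offline_keylogger"):
        ind.append(Indicator("dir", "keylogger_dir", cfg["keylogger_dir"],
                             regex=path_regex(cfg["keylogger_dir"], is_dir=True)))
    if cfg.get("use_mutex"):
        ind.append(Indicator("mutex", "mutex", cfg["mutex"]))
    return ind


def match_events(indicators: list[Indicator], events: list[dict]) -> list[tuple[int, str, str]]:
    """Return (event index, config field, confidence) for each event that touches
    an indicator. A connection to the C2 IP on a different port is kept at
    medium confidence instead of being dropped."""
    hits = []
    for i, ev in enumerate(events):
        for ind in indicators:
            if ind.kind == "network" and ev["type"] == "network":
                if ev["dst_ip"] == ind.host:
                    conf = "high" if ev["dst_port"] == ind.port else "medium"
                    hits.append((i, ind.source, conf))
            elif ind.kind in ("path", "dir") and ev["type"] in ("process_create", "file_create"):
                if ind.regex.search(ev["path"]):
                    hits.append((i, ind.source, "high"))
            elif ind.kind == "mutex" and ev["type"] == "mutex" and ev["name"] == ind.value:
                hits.append((i, ind.source, "high"))
    return hits


# Constructed events in a Sysmon-like shape; they are not from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "network", "dst_ip": "79.172.242.87", "dst_port": 3305},
    {"type": "network", "dst_ip": "79.172.242.87", "dst_port": 443},
    {"type": "file_create", "path": "C:\\Users\\bob\\AppData\\Roaming\\Logs\\2024-05-30.log"},
    {"type": "process_create", "path": "c:\\users\\BOB\\appdata\\roaming\\install\\host.exe"},
    {"type": "mutex", "name": "HsOoVGHW"},
    {"type": "process_create", "path": "C:\\Windows\\System32\\svchost.exe"},
    {"type": "network", "dst_ip": "8.8.8.8", "dst_port": 53},
]

if __name__ == "__main__":
    for idx, field, conf in match_events(build_indicators(NETWIRE_CONFIG), SAMPLE_EVENTS):
        print(f"event {idx}: matched {field} ({conf}) -> {SAMPLE_EVENTS[idx]}")
```

The path matching is deliberately case-insensitive and tolerant of the drive letter and user name, because the config only fixes the part of the path after %AppData%; the install path is anchored at the end so that a renamed or backup copy (Host.exe.bak) does not match, while the keylogger directory matches any file written under it.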
Targets
Target: 841e9227af67d61b8db0d61e56a2674c_JaffaCakes118
Size: 543KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
Score: 10/10
Signatures:
- NetWire RAT payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext