General

  • Target

    86391598a6c19d4a738a341dc3e7e071_JaffaCakes118

  • Size

    13.7MB

  • Sample

    240531-hc1t1sba37

  • MD5

    86391598a6c19d4a738a341dc3e7e071

  • SHA1

    9907c5c325ea64c2183b899cddaadd9506712ee9

  • SHA256

    22e4f72c966d77d30c53ee44964d584aefc4d7247ab5403d558ab24791bda4b8

  • SHA512

    159fa99257c8f7fe80eb8b95cf1fd9316ab00dd04bfe8618ef8e7afe4b18a6f51af33bda31a4a471cf809e30431bebd53f28726a4f3016495bdede290cf1ce62

  • SSDEEP

    393216:SDE7Oib6OguyYsJJDXB8w41SBHA73ULsJ9cCGciSpc:SQ7OwB2TVXfQqAwL09Yj

Malware Config

Targets

    • Target

      CCleaner.exe

    • Size

      13.0MB

    • MD5

      3a6159f8c9fe7feac3cc654f0f480102

    • SHA1

      6f1538e24e39411a915077840c42c23cc734159c

    • SHA256

      5fc24a79699229ef15b665209f92b635011eca25f0c7062aab64a87cb668db1a

    • SHA512

      c2495a5661c39b1751cabc92a5b5a2baf0443858e60173761cc208319bed8b8d16c0273c1c7084927067d558d6ccbc56b31a58652579f617d6bc754aa75274b2

    • SSDEEP

      196608:hm2nto8x4sLUnv0w4196WevtKaAmxrqNyzGLA9uB:hBntronvqDGYoxrqNyZu

    Score
    6/10

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      CCleaner64.exe

    • Size

      17.5MB

    • MD5

      c7bab4fb92edd4ec40f20c0951168360

    • SHA1

      dcb42f8964e93e13a2d2d05fb2d229bf9e48f4f2

    • SHA256

      ef9139178ada1bcb0813c319acc2489f507b6048d93a182feccb05fba11b9ece

    • SHA512

      ebfb65122f2433b6a49e56074957361d6023b4eae650f5db321f34a0e74090d1a52d72b5b901712a9d9d7fd7a96a88ebf905c79fd3108d4b327f7054646ade7a

    • SSDEEP

      98304:hFbG5jIqxuVHEAINRFAl/Bf5S9g8peGVErqN0EV+RzI6ES2InIgIkSVftdH3cHvv:LsjIKuVdIn+rf50lpErqNJD2GLA9J

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks