General

  • Target: 9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118
  • Size: 60KB
  • Sample: 240610-qaf1tswelb
  • MD5: 9ac0724cd20d2574580f0bf06b8aea75
  • SHA1: 5e2088c4bdae79d584f5478782337701a8467cda
  • SHA256: aa4b6310c2dbd466a089cd9a7a414a50c3124f70c763fc0d1cb7c922e29c3890
  • SHA512: 1e43b5a267c6bcfbe7493ccdf9b5493126bdbeb6bb049e7c020fa51aa829be08d6ab686aa51a47bb239c0b25c088fa38dea9cd9f2d93d65b9e02155d98d62da4
  • SSDEEP: 768:/HV30jqxr5ScACZXpzsXUKY5l02d1zButV2:/13eqxlFAatOwR7

Malware Config

Extracted

  • Family: guloader
  • C2: https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks
  • xor.base64

Targets

    • Target: 9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Guloader payload

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks