General

  • Target

    b536fb920e7ef641d548d0a402a29735_JaffaCakes118

  • Size

    776KB

  • Sample

    240616-zy9sgsxhrb

  • MD5

    b536fb920e7ef641d548d0a402a29735

  • SHA1

    7cc13314f4780abb0c74939ee3e3aa28cb7dd2ed

  • SHA256

    6542ea63971032f653f080578ed064421a60fd87102bacb3fe10c2dd774bad41

  • SHA512

    d30276e06408a716e5d7658324fc2154a9ab0a53b023c8035e1aa3f5cd7aeb9010795d5b24b817bb0732a985a8429eba51b67b5692c97379d89781f991d3e896

  • SSDEEP

    12288:ESgIU81VPhOKSw47n2Xfb6RLZbpFkOLNm:V1VhSDn2PbsbphNm

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://sewakoto.us/panel/1/index.php

Targets

    • Target

      b536fb920e7ef641d548d0a402a29735_JaffaCakes118

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
