General

  • Target

    17daab6694384c39699c58829556a09d_JaffaCakes118

  • Size

    845KB

  • Sample

    240627-2ywa7sygrp

  • MD5

    17daab6694384c39699c58829556a09d

  • SHA1

    3fa392919b7eed4a0dd4abcf97f4365a83636084

  • SHA256

    2373ab6263115c4fb480b529e35111c54cd54637e73682cc698850d6bfd103e9

  • SHA512

    2aa171838a3ce58f5fcdf81246176985a34972f0c5ecb498ba10be237c580684453b1c0d25b089ed3352d0b5bfc82caa879c3ba6c7b8cf9c584c982f59b3d28f

  • SSDEEP

    24576:q/1CKg+Qo4LLg+qbS7AXd2TI5SV7wGNnhZ:ThgmBTI5SfN

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks