Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
270a3519a8e7eb37a61138fd3cb2a552_JaffaCakes118
-
Size
119KB
-
Sample
240705-t8tlcsthnf
-
MD5
270a3519a8e7eb37a61138fd3cb2a552
-
SHA1
0a92d07330d5af6c740820d7a0628ad8b3034a8b
-
SHA256
55e757eeb966e4389ee54fa25bbf401694f6192da5b2796ff6c2d135e8957346
-
SHA512
5830196e3a5479efcfbf6989974bbdea961a9d86a21cb4ad2c9ffb47a649d73695c3a60e7e3b72364195bfcaafe306616b447b3364ee9013ddefcec2ce7e2735
-
SSDEEP
3072:NhyVR3H397BpjsokToH3w1VOJOAmEPgrCA7mEjzZt+V:NEnsPTooOJOLEPzAdtc
Malware Config
Targets
-
-
Target
270a3519a8e7eb37a61138fd3cb2a552_JaffaCakes118
-
Size
119KB
-
MD5
270a3519a8e7eb37a61138fd3cb2a552
-
SHA1
0a92d07330d5af6c740820d7a0628ad8b3034a8b
-
SHA256
55e757eeb966e4389ee54fa25bbf401694f6192da5b2796ff6c2d135e8957346
-
SHA512
5830196e3a5479efcfbf6989974bbdea961a9d86a21cb4ad2c9ffb47a649d73695c3a60e7e3b72364195bfcaafe306616b447b3364ee9013ddefcec2ce7e2735
-
SSDEEP
3072:NhyVR3H397BpjsokToH3w1VOJOAmEPgrCA7mEjzZt+V:NEnsPTooOJOLEPzAdtc
Score9/10-
Renames multiple (216) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-