General

  • Target

    33a1817318ec0001b2d3a6cabfa0575c_JaffaCakes118

  • Size

    414KB

  • Sample

    240710-g4tdks1gmm

  • MD5

    33a1817318ec0001b2d3a6cabfa0575c

  • SHA1

    a655e3840976bfff1d723875f427c02d90419c18

  • SHA256

    09afbed83b50524e5544ddd283f50e4e5c0dd3d85b427019c2d3d46914c32f3b

  • SHA512

    c4c1d0a89881f5013f970caa36e02887949bad8b2d06de5c8b3a6657502fa293a4277f33d22798f1e05f51f96ad9cf1902de62cfd099a86dbd769ce9d687dc13

  • SSDEEP

    6144:6G377xS2Vp2CeiorXhwTBx53ypcCJJvHv4RoSNZzRT+JLN666:pr7xS2Vp6FwTUbJJvHwRoSNVJ+FN666

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks