General

  • Target

    3c99963b30c3cda4768b8d99c80e62d1_JaffaCakes118

  • Size

    382KB

  • Sample

    240712-j1qjmaxdpb

  • MD5

    3c99963b30c3cda4768b8d99c80e62d1

  • SHA1

    a7a4cb67e4b5d142e91ead6fda3e04c8246073ca

  • SHA256

    363b8d8183cd26fe4217577d5adcf51ba4fc94c72f59bf472e42f6a2a2de3561

  • SHA512

    b4d5fee14d1d61a03b3126f874af0945f5e814a6ff74f9ce22f08f142c3f113fa5564aed8e75adf41d055af69819e124a3cb5f686e352bd79c340c3e5977d014

  • SSDEEP

    6144:rEDajNuJjujoeSP4SY5fl2+dGYAo9RK1gz9Koc7yQfcO4bcfS4KZR/3/An2a9pzu:I2KeSP4SY5fl2+dGYAo9RK1gz9Koc7yJ

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
