General

  • Target

    3eaf50d321dd600bf124e00c3bb2ca07_JaffaCakes118

  • Size

    208KB

  • Sample

    240712-yqvsxsxhnq

  • MD5

    3eaf50d321dd600bf124e00c3bb2ca07

  • SHA1

    868527efa606e965cd11f29c577483b449e0f0ad

  • SHA256

    571798be0c7340ab297c852267866c62f52569458123bf135ec83c80044bb3ef

  • SHA512

    cdbe7d2676a9974ed53c4fc8bcb75337ee9f4e8a448ffab25198770ad50f5e8a672a53b9c11bc6f6d4d7b9d35e49dca8e9c507a74566dfdefa31f90922633a8c

  • SSDEEP

    3072:bVHgCc4xGvbwcU9KQ2BBAHmaPxiVoyb5EL:yCc4xGxWKQ2Bonxl

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost12.com
  • Port:
    21
  • Username:
    b12_8082975
  • Password:
    951753zx

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      3eaf50d321dd600bf124e00c3bb2ca07_JaffaCakes118

    • Size

      208KB

    • MD5

      3eaf50d321dd600bf124e00c3bb2ca07

    • SHA1

      868527efa606e965cd11f29c577483b449e0f0ad

    • SHA256

      571798be0c7340ab297c852267866c62f52569458123bf135ec83c80044bb3ef

    • SHA512

      cdbe7d2676a9974ed53c4fc8bcb75337ee9f4e8a448ffab25198770ad50f5e8a672a53b9c11bc6f6d4d7b9d35e49dca8e9c507a74566dfdefa31f90922633a8c

    • SSDEEP

      3072:bVHgCc4xGvbwcU9KQ2BBAHmaPxiVoyb5EL:yCc4xGxWKQ2Bonxl

    Score
    10/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
