Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118
-
Size
144KB
-
Sample
240715-lk3kcszcqk
-
MD5
4939cf016965f1a1a7aefe3b63b1033a
-
SHA1
b2d831c0fe472b408ef7aae156fdb8fef93f59f0
-
SHA256
4c51b6260e0845deb01c55a03be4e29a043e87039e369c97e5ddf986482291a8
-
SHA512
94c27831bfd856f274d3d176460e3ec5ce31a75bdd88a1b9239819e905f5c94b12c8a77bc7d6dde5cd188794cdbad928061c0b52d53700d28c5968ee35d5b547
-
SSDEEP
3072:s0IYwk7xA1aHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkdBSn8YoLLVrbwzuaj2rH0
Static task
static1
Behavioral task
behavioral1
Sample
4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
pony
http://74.53.97.66:8080/forum/viewtopic.php
http://74.53.97.67:8080/forum/viewtopic.php
-
payload_url
http://orion.obidigital.net/d09ZhGf.exe
http://ftp.lastraautosport.com.ar/xjH.exe
Targets
-
-
Target
4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118
-
Size
144KB
-
MD5
4939cf016965f1a1a7aefe3b63b1033a
-
SHA1
b2d831c0fe472b408ef7aae156fdb8fef93f59f0
-
SHA256
4c51b6260e0845deb01c55a03be4e29a043e87039e369c97e5ddf986482291a8
-
SHA512
94c27831bfd856f274d3d176460e3ec5ce31a75bdd88a1b9239819e905f5c94b12c8a77bc7d6dde5cd188794cdbad928061c0b52d53700d28c5968ee35d5b547
-
SSDEEP
3072:s0IYwk7xA1aHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkdBSn8YoLLVrbwzuaj2rH0
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-