General

  • Target

    4a1b278e22d8bacdb0764a0ef68fa44e_JaffaCakes118

  • Size

    784KB

  • Sample

    240715-r2c9pawakr

  • MD5

    4a1b278e22d8bacdb0764a0ef68fa44e

  • SHA1

    9d638697c5c1426295e7013e29da5da9fd7b6e08

  • SHA256

    7ddeb263d000da9cdad7f64b0fa20eaa6e49452da2c58231cc1f5d1b2075346c

  • SHA512

    ebf3bdefe5c17dc65fa227194c5392f381f76a2a9f13d4a79c9bbbdafd886f2ab870599e35e68c3299920b6d91b8459053f5151c463f84a10c338b2f8df24c87

  • SSDEEP

    12288:6DvpRBk2lTLqzEPlnvHeASzmR1CXEtwroAOCCE3VkxBH8Y1tz2wASRvBmL9c0zJU:KYARvBAcwioRS

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ranuranuwcs

Targets

    • Target

      4a1b278e22d8bacdb0764a0ef68fa44e_JaffaCakes118

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks