General

  • Target

    671dc61740c13b2f4be45f74383472fd_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240723-lzlkdszdne

  • MD5

    671dc61740c13b2f4be45f74383472fd

  • SHA1

    29d302edc1887cb0b94246ed1252cb17ef185a4a

  • SHA256

    a06eed8209ef414d452fa00ab3cd021ef75ecc1eda22694bfbdde21f0dd8ec2d

  • SHA512

    4dc9c9454ac1db2dfa9b6cbdb111c73c08969c8fb40e898577294f3dd3560f8853884ad1abc374d2d1f33bc6fa4f32f8113d95f4f75307d3322df51289a091a9

  • SSDEEP

    24576:rmUq5++3ZMzuaUKub/0V6fr4k1EPhJ7af6PUpYM+yP0L2N:r85++pMDUKubsO4cghDeYMz0L2N

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    009613123

Targets

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks