General

  • Target: 6a39e3f3425409246d027f141aea485b_JaffaCakes118
  • Size: 126KB
  • Sample: 240724-e1sa1axhjp
  • MD5: 6a39e3f3425409246d027f141aea485b
  • SHA1: 8ecbc388daddfe316038a8913b68b8966fe87c52
  • SHA256: 178a61d0fa02e1aeded63c9c17b27e7420689fdb8fd75740e4125484566aab89
  • SHA512: 5b87a1a28eb665c5ea124e64d3603012f6af15afae279d1b83703908d57096b91ecfe9046d98095b951031dace4a4bf3b46c5eb5a8cf396d178d3b70b754928a
  • SSDEEP: 3072:sNuLp9+wX4J99Mlf5HTRnG0VabujeEDEy8YTIb93eX1p1tV75pJBVDs1AQjylOyl:sNuLp9h4J99Mlf5HTRnG0VabujeEDEyz

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/shikata_ga_nai

Extracted

  • Family: metasploit
  • Version: windows/reverse_tcp
  • C2: 192.168.6.249:4444

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks