General

  • Target: 6a2022a03a55c4e40bf5bd7086c456e5_JaffaCakes118
  • Size: 198KB
  • Sample: 240724-ebadwszcma
  • MD5: 6a2022a03a55c4e40bf5bd7086c456e5
  • SHA1: c1a29caf59a3c7cc545677e1aa4b7b837295bbbb
  • SHA256: e23c5b1ac4f01aab19584688dca462885d70f5c53c0171a66e56eaa29d4122d3
  • SHA512: 4c8ab7d8c35c85c7f9114fecc922e3c6834dea09c98bd2b65bf0aeac3956619629f2f3e64ae278a06596e6ca97a21554c09ca7983fa9488c2de9f9c68459d4fb
  • SSDEEP: 3072:kN23fBIXgKDtmnB0mYCmHzX4pcQTz6RfuOXU1yGyalw8szX2hZK/:kN2vBIXgrnBIqSQTWRPPGXw8mXr

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • Target: 6a2022a03a55c4e40bf5bd7086c456e5_JaffaCakes118
    • Size: 198KB
    • MD5: 6a2022a03a55c4e40bf5bd7086c456e5
    • SHA1: c1a29caf59a3c7cc545677e1aa4b7b837295bbbb
    • SHA256: e23c5b1ac4f01aab19584688dca462885d70f5c53c0171a66e56eaa29d4122d3
    • SHA512: 4c8ab7d8c35c85c7f9114fecc922e3c6834dea09c98bd2b65bf0aeac3956619629f2f3e64ae278a06596e6ca97a21554c09ca7983fa9488c2de9f9c68459d4fb
    • SSDEEP: 3072:kN23fBIXgKDtmnB0mYCmHzX4pcQTz6RfuOXU1yGyalw8szX2hZK/:kN2vBIXgrnBIqSQTWRPPGXw8mXr

    Signatures

    • MetaSploit
      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Modifies firewall policy service
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Adds Run key to start application
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks