General

  • Target

    a1457583100181705617dabaf927fc14_JaffaCakes118

  • Size

    258KB

  • Sample

    240817-fk77ysyblc

  • MD5

    a1457583100181705617dabaf927fc14

  • SHA1

    88cdfa7cd8f2f2122b37e8927ab9d7df769027bb

  • SHA256

    176e869fd27e7c0cc7fd792d3575963263e78ad778e79dbe3d5e2320ee57bd4d

  • SHA512

    3617a3fff7402cea4cb890a6d6b190fc347360a4d42011c03f75170b7f3ad1269018c06c27ebdc8cdfd5cb10afe42ec55b3454bf5aa212988111021e7487126d

  • SSDEEP

    6144:aAZwSS8IhmjRFbNSBg0nr6LyaEnr6Lya:aAZtS8RS9nrvnr

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftpperso.free.fr
  • Port: 21
  • Username: msnpromo
  • Password: celine

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
