Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a1e3340e41cef1fb4b8d44ffae8e48de_JaffaCakes118

  • Size

    421KB

  • Sample

    240817-km6jcsxarg

  • MD5

    a1e3340e41cef1fb4b8d44ffae8e48de

  • SHA1

    4401228a55ee14ed93c00a70ab28576e042d78ad

  • SHA256

    779e2d91a9a2f7231611aa567eea9610c4ec63e0629579a2a002aa87cc0384a5

  • SHA512

    d0a596785a482f9f5cdf2c271647b48c6c568406045193990d9c824921c2e89bc409d289fe98eb4ea98173a54fa24a4a75d3f6f530acbd208abce98e688fc449

  • SSDEEP

    12288:kBcyCTgvSeEBPr+3maYKwqG8eT2AtxbDOP0BHH:9BTgvSeEBjeGVTTtxb6sBHH

Malware Config

Targets

    • Target

      a1e3340e41cef1fb4b8d44ffae8e48de_JaffaCakes118

    • Size

      421KB

    • MD5

      a1e3340e41cef1fb4b8d44ffae8e48de

    • SHA1

      4401228a55ee14ed93c00a70ab28576e042d78ad

    • SHA256

      779e2d91a9a2f7231611aa567eea9610c4ec63e0629579a2a002aa87cc0384a5

    • SHA512

      d0a596785a482f9f5cdf2c271647b48c6c568406045193990d9c824921c2e89bc409d289fe98eb4ea98173a54fa24a4a75d3f6f530acbd208abce98e688fc449

    • SSDEEP

      12288:kBcyCTgvSeEBPr+3maYKwqG8eT2AtxbDOP0BHH:9BTgvSeEBjeGVTTtxb6sBHH

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks