General
Target: a25e311ec3c4355215daf92266157b2c_JaffaCakes118
Size: 233KB
Sample: 240817-nnw8vswejk
MD5: a25e311ec3c4355215daf92266157b2c
SHA1: a2487fa648cb2ed44a60411c6965bebcae3e5ece
SHA256: 15b55bf8925b2253ccc1499eada3f6df3ccc62b720b8aed2899f428342275c75
SHA512: b539ede0fef68cfdf6c6e10b37063799d282783c8a74b55e67261d65a777815529fd44b61ae83a55a5474b6226ddd20d39021660332addfee73f2b64e0f37994
SSDEEP: 3072:LBlvaWjzrLXQQJKgmSBAVpet2Ago0lWmHEZlDdYLN:9paWjz/gGKgmS+k29WmHEQ
Static task: static1

Behavioral task: behavioral1
Sample: a25e311ec3c4355215daf92266157b2c_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: a25e311ec3c4355215daf92266157b2c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
Target: a25e311ec3c4355215daf92266157b2c_JaffaCakes118
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL