General

  • Target

    a25e311ec3c4355215daf92266157b2c_JaffaCakes118

  • Size

    233KB

  • Sample

    240817-nnw8vswejk

  • MD5

    a25e311ec3c4355215daf92266157b2c

  • SHA1

    a2487fa648cb2ed44a60411c6965bebcae3e5ece

  • SHA256

    15b55bf8925b2253ccc1499eada3f6df3ccc62b720b8aed2899f428342275c75

  • SHA512

    b539ede0fef68cfdf6c6e10b37063799d282783c8a74b55e67261d65a777815529fd44b61ae83a55a5474b6226ddd20d39021660332addfee73f2b64e0f37994

  • SSDEEP

    3072:LBlvaWjzrLXQQJKgmSBAVpet2Ago0lWmHEZlDdYLN:9paWjz/gGKgmS+k29WmHEQ

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      a25e311ec3c4355215daf92266157b2c_JaffaCakes118

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
