Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a31d1b7f173441b0cb637813a9257e84_JaffaCakes118
-
Size
866KB
-
Sample
240817-s1x35sshqf
-
MD5
a31d1b7f173441b0cb637813a9257e84
-
SHA1
69389137c11e6c775156639c5a366f0bda973b40
-
SHA256
0944994ed1f7612afe248bdbbe57bacad3d3720c8f5f43d8cd5e17e7ae299ebb
-
SHA512
675b00cdad7a3625225cbef1fda371e42f5b8784b4506469669cba91add4dbc8cd711da4dd84ab577d87463c654b10a7a53de795cd0560516d4461da3bea147e
-
SSDEEP
12288:rQxehvo8RRf42RakgGKqiFmvDOX5PVjIeck545Ac1Mh1jt:rQElo8RQ2qG+sURRR7cOhh
Static task
static1
Behavioral task
behavioral1
Sample
a31d1b7f173441b0cb637813a9257e84_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a31d1b7f173441b0cb637813a9257e84_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
lokibot
http://dickson--constant.com/chief/har/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a31d1b7f173441b0cb637813a9257e84_JaffaCakes118
-
Size
866KB
-
MD5
a31d1b7f173441b0cb637813a9257e84
-
SHA1
69389137c11e6c775156639c5a366f0bda973b40
-
SHA256
0944994ed1f7612afe248bdbbe57bacad3d3720c8f5f43d8cd5e17e7ae299ebb
-
SHA512
675b00cdad7a3625225cbef1fda371e42f5b8784b4506469669cba91add4dbc8cd711da4dd84ab577d87463c654b10a7a53de795cd0560516d4461da3bea147e
-
SSDEEP
12288:rQxehvo8RRf42RakgGKqiFmvDOX5PVjIeck545Ac1Mh1jt:rQElo8RQ2qG+sURRR7cOhh
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-