General

  • Target

    ae98e401992b0fcd23b65351372085eb_JaffaCakes118

  • Size

    388KB

  • Sample

    240820-kwd6gaxbqk

  • MD5

    ae98e401992b0fcd23b65351372085eb

  • SHA1

    00ec81009228069a3496b685d85198a1ca53f60d

  • SHA256

    0e8c10a3fe2402a93167703aaa2ff04a0371b925526adf10dca7c7029df4fb2f

  • SHA512

    8a430c6cb79973db0227c1603355f5ca91fb1b0441dc101e94eb099a5c45c296cf43421336a5ed937664e769f15f851fe28484b34189f73b45a1a862ef05d719

  • SSDEEP

    6144:JZfQ6hfAfdVXUN419qvm8whTEOecBdoZpz1un65+PhPsXufyjI8o3:Lo6hIfcvlWHPopLqmufyjM3

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks