General

  • Target

    b251001041fe1c5c47ee953942dcf662_JaffaCakes118

  • Size

    224KB

  • Sample

    240821-gj1l6aweql

  • MD5

    b251001041fe1c5c47ee953942dcf662

  • SHA1

    223ac182c32c524768d18152f86fe47dc0c1e4d7

  • SHA256

    97a612d3c4a095e20f2bcea30a62793ca6fe4397b8676aceb8efbcbb13e717e7

  • SHA512

    a9a8507e8a1ce1866b8e65a6f8e91b870d9d09d14b5b820513e8e66adebeff4363138d2779eb465fe3ccc19917270794efd33e6db90f71cb0c705d2a2b625e0a

  • SSDEEP

    6144:NJiRgUAEzgVVSr9S1OT4PFvILEDEM8mIQQ4z2:NiRMA9RTKFsED51PC

Malware Config

Targets

    • Target

      b251001041fe1c5c47ee953942dcf662_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses public cloud services to host and retrieve the next-stage malware families it drops.

    • Modifies WinLogon for persistence

    • ModiLoader Second Stage

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory
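The signatures above flag Winlogon tampering and a replaced Terminal Services DLL, two registry-backed persistence locations an analyst will want to verify on any host that ran this sample. The script below is an added triage check, not part of the tria.ge report or of the sample's behaviour; it compares the live values against stock defaults (the expected values of explorer.exe, userinit.exe and termsrv.dll are assumptions for a standard Windows install) and lists any Winlogon\Notify packages, which the report does not mention but which sit in the same key.

```powershell
# Added triage check (not part of the tria.ge report): compare Winlogon and
# TermService registry values on a live host against their stock defaults.
# The Expected values are assumptions for an unmodified Windows install.

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell';      Expected = 'explorer.exe' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Userinit';   Expected = "$env:SystemRoot\system32\userinit.exe" },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
       Name = 'ServiceDll'; Expected = "$env:SystemRoot\System32\termsrv.dll" }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # REG_EXPAND_SZ values (ServiceDll) come back already expanded.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [string]$item.$Name
}

$findings = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    # Userinit is stored with a trailing comma; strip it before comparing.
    $norm = if ($actual) { $actual.TrimEnd(',').Trim() } else { '' }
    $status = 'SUSPECT'
    if (-not $actual)             { $status = 'MISSING' }
    elseif ($norm -ieq $c.Expected) { $status = 'OK' }
    [pscustomobject]@{
        Key      = "$($c.Path)\$($c.Name)"
        Expected = $c.Expected
        Actual   = $actual
        Status   = $status
    }
}

$findings | Format-Table -AutoSize

# Winlogon\Notify packages are a related persistence spot; list any present.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    Get-ChildItem -Path $notify | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DLLName
        "Notify package: $($_.PSChildName) -> $dll"
    }
}
```

Run it in an elevated PowerShell session on the suspect host. A SUSPECT row for Shell or Userinit points at a dropped executable started at logon; a SUSPECT ServiceDll under TermService means the service is loading something other than termsrv.dll, which lines up with the "Server Software Component: Terminal Services DLL" signature. Treat any reported path as a file to hash and compare against the indicators above before remediating.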

MITRE ATT&CK Enterprise v15

Tasks