Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b4809ae66c66459e03019ca5c37be19f_JaffaCakes118
-
Size
268KB
-
Sample
240821-wts3dswhmr
-
MD5
b4809ae66c66459e03019ca5c37be19f
-
SHA1
d7b20cd9569cb747f489468f09557bd24d28406f
-
SHA256
41d8096a6e3bc2ed104f7552a74e9f48795b847d6617b3bfe15a4e1bd1334cc3
-
SHA512
84b65d47d6b97c0a2ddf2b9a7f6e89b1306134ee79edbc92523f6df13f2ff1b97b9e4b711f1369ca946699ce777be765c7d1c153cff9fef88ec618859e1e03be
-
SSDEEP
6144:F1jtZ8mk/mJ8lwQqGZwvOIn/7TFvnh11i:F1jtdkg8lwQqGYx7TF/xi
Static task
static1
Behavioral task
behavioral1
Sample
b4809ae66c66459e03019ca5c37be19f_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b4809ae66c66459e03019ca5c37be19f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
b4809ae66c66459e03019ca5c37be19f_JaffaCakes118
-
Size
268KB
-
MD5
b4809ae66c66459e03019ca5c37be19f
-
SHA1
d7b20cd9569cb747f489468f09557bd24d28406f
-
SHA256
41d8096a6e3bc2ed104f7552a74e9f48795b847d6617b3bfe15a4e1bd1334cc3
-
SHA512
84b65d47d6b97c0a2ddf2b9a7f6e89b1306134ee79edbc92523f6df13f2ff1b97b9e4b711f1369ca946699ce777be765c7d1c153cff9fef88ec618859e1e03be
-
SSDEEP
6144:F1jtZ8mk/mJ8lwQqGZwvOIn/7TFvnh11i:F1jtdkg8lwQqGYx7TF/xi
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-