General

  • Target

    b4de98edfc58bb18008f042464899e3d_JaffaCakes118

  • Size

    704KB

  • Sample

    240821-yzcnpsyarb

  • MD5

    b4de98edfc58bb18008f042464899e3d

  • SHA1

    a0535152ae6ea0695d02d93879e5bd4f58c0a002

  • SHA256

    899489a0ac50ae9bd5d4f71ce4a4fe42c56ae18c25750d747b25a49cfc4ec431

  • SHA512

    211b9e09e6e5e199445bafde2d460b1010c6676a5dd0714bf0bfecd78bc804b52d863f70472bf7c36076e1367739dd5c65d99dfb3d1223195880881164a65516

  • SSDEEP

    12288:DC4Q0grv/j7HQaxsX7PEcryQ3uPoq5uLXOQMOU8Je7cBw67YMILMBG:DCL0mn/QkWjTB3uzuiQBUeLBw

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://repoiury.com/inst.php?id=forbidden&lang=ENU

Targets

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
