General
Target: b798cac7d0969a6369cc0c8d2b3ea169_JaffaCakes118
Size: 136KB
Sample: 240822-pfsq5syhmp
MD5: b798cac7d0969a6369cc0c8d2b3ea169
SHA1: 0ea8e3fe9dd9f9d3c2605288ad2fbec104555c7b
SHA256: c50f512d6dc79915f3f73f0c951641fa1d7e521b62b38ef5fb54af77e2b15e66
SHA512: a7aeec6e2d4fa8e5e9cbe8bf28b24c6d8f1f06e2bd21f9bc180683fec3655bfad485cbeeb2a1a514045a57d5079cadc0735524de00a1f28bc6b1c2b7a78b7061
SSDEEP: 768:j/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLB:jRsvcdcQjosnvnZ6LQ1EB
Static task: static1
Behavioral task: behavioral1
Sample: b798cac7d0969a6369cc0c8d2b3ea169_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: b798cac7d0969a6369cc0c8d2b3ea169_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: griptoloji
Password: 741852
Targets
Target: b798cac7d0969a6369cc0c8d2b3ea169_JaffaCakes118
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL