General

Target: bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118
Size: 153KB
Sample: 240823-3cf5tsshpf
MD5: bd8d12dcc31a003ee9169088061dfea8
SHA1: 636dfcdf7a48d84241be6bb463711a6931eebed3
SHA256: 8e7b8582e8b53563ec38888812b143e38e7c84316691e35614a441ffbf3e7540
SHA512: 6402e08fb22027df5d7c84ed55dbb1cd648d68c730ae12b355db10a9e25adc4b9e0e14ea88e7182f0b3d2aece65f3d19c1fa894b8667507298c573084c760122
SSDEEP: 3072:vlhTufPd5UeZI+46kernNhbvB7qmv5Y+jGIAhpvRG:vlMfPTemrXbJ7qI5Y9J5R
Static task: static1
Behavioral task: behavioral1
  Sample: bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118.exe
  Resource: win7-20240705-en
Malware Config

Extracted family: netwire
C2 hosts:
  127.0.0.1:3360
  191.96.249.27:3360
activex_autorun: false
copy_executable: true
delete_original: true
host_id: HostId-%Rand%
install_path: %AppData%\Install\mswiner.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: mFTprBPl
offline_keylogger: true
password: 1234
registry_autorun: true
startup_name: mswiner
use_mutex: true
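The extracted configuration above is enough to hunt for this sample's footprint on a host and on the wire: the copied executable under %AppData%\Install, the Run value named mswiner, the keylog directory, the mutex, and the non-loopback C2 peer. The Python below is an added example written for this page, not tria.ge's code and not NetWire's: it turns the config values (copied from the report) into concrete indicators for one assumed user profile and runs them over a handful of constructed Sysmon-style events. The user name alice, the event records and the assumption that %Rand% expands to alphanumerics are illustrative; 127.0.0.1 is kept on record but excluded from network matching because a loopback address never appears as a remote peer in telemetry.

```python
"""Derive host/network indicators from the NetWire config extracted in this
report and match them against constructed Sysmon-style events.
Added example for this page; not tria.ge's or NetWire's own code."""
import re
from typing import Dict, Iterable, List, Tuple

# Values copied from the "Malware Config" section above.
NETWIRE_CONFIG = {
    "hosts": ["127.0.0.1:3360", "191.96.249.27:3360"],
    "install_path": "%AppData%\\Install\\mswiner.exe",
    "keylogger_dir": "%AppData%\\Logs\\",
    "mutex": "mFTprBPl",
    "startup_name": "mswiner",
    "registry_autorun": True,
    "host_id": "HostId-%Rand%",
}

# Assumed victim profile; the sandbox report does not state the user name.
APPDATA = "C:\\Users\\alice\\AppData\\Roaming"


def expand_appdata(template: str, appdata: str) -> str:
    """Resolve the %AppData% placeholder case-insensitively, as Windows does."""
    return re.sub(r"%appdata%", lambda _m: appdata, template, flags=re.IGNORECASE)


def build_indicators(cfg: Dict, appdata: str) -> Dict[str, object]:
    """Turn the raw config into comparable indicators (paths lower-cased,
    C2 as (ip, port) tuples, host_id as a regex)."""
    c2: List[Tuple[str, int]] = []
    for host in cfg["hosts"]:
        ip, port = host.rsplit(":", 1)
        # 127.0.0.1 is a loopback placeholder: it never shows up as a remote
        # peer in network telemetry, so it is recorded but not used for matching.
        if not ip.startswith("127."):
            c2.append((ip, int(port)))
    # Assumption: the %Rand% token is filled with alphanumerics at runtime.
    host_id_pattern = "[0-9A-Za-z]+".join(
        re.escape(p) for p in cfg["host_id"].split("%Rand%"))
    return {
        "c2": c2,
        "install_path": expand_appdata(cfg["install_path"], appdata).lower(),
        "keylogger_dir": expand_appdata(cfg["keylogger_dir"], appdata).lower(),
        "run_value": cfg["startup_name"].lower() if cfg["registry_autorun"] else None,
        "mutex": cfg["mutex"],
        "host_id_re": re.compile(host_id_pattern),
    }


def match_events(events: Iterable[Dict], ind: Dict) -> List[str]:
    """Return one description per event that touches a NetWire indicator.
    Event IDs follow Sysmon: 1 process create, 3 network connect,
    11 file create, 13 registry value set."""
    hits: List[str] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and ev.get("Image", "").lower() == ind["install_path"]:
            hits.append(f"process from install path: {ev['Image']}")
        elif eid == 3 and (ev.get("DestinationIp"), ev.get("DestinationPort")) in ind["c2"]:
            hits.append(f"C2 connection: {ev['DestinationIp']}:{ev['DestinationPort']}")
        elif eid == 11 and ev.get("TargetFilename", "").lower().startswith(ind["keylogger_dir"]):
            hits.append(f"keylogger file written: {ev['TargetFilename']}")
        elif eid == 13 and ind["run_value"]:
            target = ev.get("TargetObject", "").lower()
            if "\\currentversion\\run\\" in target and target.endswith("\\" + ind["run_value"]):
                hits.append(f"Run key set: {ev['TargetObject']}")
    return hits


# Constructed Sysmon-style records for illustration; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Roaming\\Install\\mswiner.exe"},
    {"EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\mswiner",
     "Details": "C:\\Users\\alice\\AppData\\Roaming\\Install\\mswiner.exe"},
    {"EventID": 11, "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Logs\\2024-08-23"},
    {"EventID": 3, "DestinationIp": "191.96.249.27", "DestinationPort": 3360},
    {"EventID": 3, "DestinationIp": "127.0.0.1", "DestinationPort": 3360},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe"},
]


def triage(events: Iterable[Dict] = SAMPLE_EVENTS, appdata: str = APPDATA) -> List[str]:
    """Build indicators from the report's config and match the given events."""
    return match_events(events, build_indicators(NETWIRE_CONFIG, appdata))


if __name__ == "__main__":
    for line in triage():
        print(line)
```

Run as-is it reports four hits (install-path process, Run value, keylog file, C2 connection) and stays silent on the loopback entry and the unrelated svchost.exe launch. Path comparisons are lower-cased because NTFS paths and registry value names are case-insensitive; the mutex name is carried through so the same indicator set can be checked against a handle listing, and the password (1234) is deliberately left out, since it only matters when talking to the C2.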
Targets

Target: bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118
Signatures:
- NetWire RAT payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application