General

  • Target

    bc4d0ad6d35b5f7696aaa117265815da_JaffaCakes118

  • Size

    6.5MB

  • Sample

    240823-stxh2ascmc

  • MD5

    bc4d0ad6d35b5f7696aaa117265815da

  • SHA1

    f3b021f45f1e54e5826579dc797d9d3004d2fb4a

  • SHA256

    7896cbbec89f6f79883a877a25aceeb9c6f0401601ffd1411c0849b150c661b4

  • SHA512

    b732f02b5ebdba430805cdbad99df628221027657aaef80bc2c290aca7ef881e67292d0afdb7d6b697774484757868f69e898a02451e6bc5a41d9963172a1c8f

  • SSDEEP

    196608:lLAjOEDzxiTh4vJSSZkU0STmtiamai/aH4pW:lLAKko4zDPai/k4pW

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks