Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c76530899637831fd1ec3f281fda195a_JaffaCakes118
-
Size
1.2MB
-
Sample
240828-wyfb4azblg
-
MD5
c76530899637831fd1ec3f281fda195a
-
SHA1
207445fe509e567da3b3de081fc5e5334b2d77b2
-
SHA256
a2b99bc286042b301692432559d915a6e8ae19f143afb9f91e6e5c51445ad925
-
SHA512
fe933b0c19027e6a7fec65e9da04a3902db3509157c0b471289b13e1eab4d8f34776e78012210e8d1addeb52ed925b0136305c2aaaf761c8eed8b188562f3833
-
SSDEEP
24576:NhtOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:NLO3LjouAh2LbOLdLAqooE
Malware Config
Targets
-
-
Target
c76530899637831fd1ec3f281fda195a_JaffaCakes118
-
Size
1.2MB
-
MD5
c76530899637831fd1ec3f281fda195a
-
SHA1
207445fe509e567da3b3de081fc5e5334b2d77b2
-
SHA256
a2b99bc286042b301692432559d915a6e8ae19f143afb9f91e6e5c51445ad925
-
SHA512
fe933b0c19027e6a7fec65e9da04a3902db3509157c0b471289b13e1eab4d8f34776e78012210e8d1addeb52ed925b0136305c2aaaf761c8eed8b188562f3833
-
SSDEEP
24576:NhtOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:NLO3LjouAh2LbOLdLAqooE
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2