Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cfd1e96e30d36e12b52545eb21d41214_JaffaCakes118
-
Size
159KB
-
Sample
240906-slkjhateka
-
MD5
cfd1e96e30d36e12b52545eb21d41214
-
SHA1
cb292ae0bd385cef958a87bf46ffe5f72dc4ab67
-
SHA256
2385b38c490d82879cc4b40b0075a12e7c43153c924ea87dd71352bf505e598d
-
SHA512
955fee89a2c88bde10b7354c5fd9b9be8700d157ab56f8bccfb05401a8aad1cf98165dbd516a69827a83e9a5fff4c7782e7b62c8259ecedf9dd7748c4524d6ee
-
SSDEEP
1536:7KPEVuTX/EtUVUgpJ9dhxDDt80oy1dhB2JsglZStNIO2cmtcAO80NM+Nf8O6m6y3:7hVuTv5VUIDxthEDStNIO2cmI78O6m6g
Static task
static1
Behavioral task
behavioral1
Sample
cfd1e96e30d36e12b52545eb21d41214_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cfd1e96e30d36e12b52545eb21d41214_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://akamaifilms.com:81/pony/gate.php
-
payload_url
http://bogartmed.com/ADvQe.exe
http://gecenym.org.ar/dwW.exe
http://lsf.co.id/fwSzx.exe
Targets
-
-
Target
cfd1e96e30d36e12b52545eb21d41214_JaffaCakes118
-
Size
159KB
-
MD5
cfd1e96e30d36e12b52545eb21d41214
-
SHA1
cb292ae0bd385cef958a87bf46ffe5f72dc4ab67
-
SHA256
2385b38c490d82879cc4b40b0075a12e7c43153c924ea87dd71352bf505e598d
-
SHA512
955fee89a2c88bde10b7354c5fd9b9be8700d157ab56f8bccfb05401a8aad1cf98165dbd516a69827a83e9a5fff4c7782e7b62c8259ecedf9dd7748c4524d6ee
-
SSDEEP
1536:7KPEVuTX/EtUVUgpJ9dhxDDt80oy1dhB2JsglZStNIO2cmtcAO80NM+Nf8O6m6y3:7hVuTv5VUIDxthEDStNIO2cmI78O6m6g
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-