General

  • Target

    d255b7d1030974c6e5cd7da6f956805c_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240907-tqd3ysvblc

  • MD5

    d255b7d1030974c6e5cd7da6f956805c

  • SHA1

    e4c20fe519b1c213458389c26e2aa53cd7d002ba

  • SHA256

    b0fe5e9cc5e5529bf71dfd6818c259983a51f2f17960a91736bbacc065403e18

  • SHA512

    a48034ef8afc1d8951c8a4645881a2edff01aca01ae4228e027b1d6170c07e2425a92ae1c6d7cce086547d7860cb51d9cb2698ab3bd3e40f41c5e7e475eb54f8

  • SSDEEP

    49152:pcbXc7MoGjIuNOxhL7XGypGf32BXV7YxMnih6eLeRB6NCINY6b5CYO:py+OOxhL72lf32F8Mnis255CD

Malware Config

Targets

    • Target

      d255b7d1030974c6e5cd7da6f956805c_JaffaCakes118

    • Size

      2.7MB

    • MD5

      d255b7d1030974c6e5cd7da6f956805c

    • SHA1

      e4c20fe519b1c213458389c26e2aa53cd7d002ba

    • SHA256

      b0fe5e9cc5e5529bf71dfd6818c259983a51f2f17960a91736bbacc065403e18

    • SHA512

      a48034ef8afc1d8951c8a4645881a2edff01aca01ae4228e027b1d6170c07e2425a92ae1c6d7cce086547d7860cb51d9cb2698ab3bd3e40f41c5e7e475eb54f8

    • SSDEEP

      49152:pcbXc7MoGjIuNOxhL7XGypGf32BXV7YxMnih6eLeRB6NCINY6b5CYO:py+OOxhL72lf32F8Mnis255CD

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      254f13dfd61c5b7d2119eb2550491e1d

    • SHA1

      5083f6804ee3475f3698ab9e68611b0128e22fd6

    • SHA256

      fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

    • SHA512

      fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

    • SSDEEP

      192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo

    • Score

      3/10

    • Target

      $PLUGINSDIR/ReadCustomerData.dll

    • Size

      64KB

    • MD5

      703598aa5ff97f512112cd766543a2f1

    • SHA1

      0bfb74b03227ee8510e153785edd76625404ab55

    • SHA256

      5f76752e83789bb8184070d618d83f43c2f565cc7fad2c4266e44339223ba69b

    • SHA512

      3eff4670a3c97ec931eb1240d22a943ad6b19ea07ce781dabcc656ae2049d36c42b8f5bf3ce59366057ea3ece8913e83da3ec98c2c1434edf144dd9d4731fe58

    • SSDEEP

      768:TWaFM5hBUVVsDPytWyIBvsdfk3Nhs8o6S5uymhRv1OInQ/bTLZmTtxHWQ:CvnuV+TcWGIPOChRwIQ/XLQtxH

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/TvGetVersion.dll

    • Size

      130KB

    • MD5

      8872006dd07ada62805c1b80636ef36d

    • SHA1

      c611f017808eac2a144933520e86ae25f5e78fdb

    • SHA256

      7b49d6b41d6125dd64765abd450b4f78e01767547047b184d0a1bdb561c37384

    • SHA512

      70631d52b0e4e411fa2e4be75e809d5b362a3230876d7e821be1390b8aaad11443296c82dce03e6cf308b5f170a9695603b8b5876350571ae68a0f6d7cf30a4e

    • SSDEEP

      1536:JYsbJRUSRFwlPlW+1YO0a9J76sbxXpC5VI4bUj7syyBsUndwFrtYP+yOcI:hWPl065+UEy8dw1tYPDx

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      176KB

    • MD5

      06ff2b95b8e123d32487b0cb73409031

    • SHA1

      8cb3f584112db4e74cea4ed02d4ce0b3a5373bfa

    • SHA256

      0dedad042a306da32784c3ce79bfac0475b827e416c17e1a1dfdb461151f4271

    • SHA512

      174e7599ba87bc45111ce340d7563771353df71988d6b9094d8bdeab4b45ec730cbd2e6bf3943ad66daa02d7f1f1eac0020b987109fabed96b2e0def8d0602c6

    • SSDEEP

      3072:rfSCQ4FYoKhEHvf4aytolZ8MMNjXtWXTkibb7zHetRYFJ8:HFYosEH3UtoX8fUtXPOm

    • Score

      3/10

    • Target

      TeamViewer.exe

    • Size

      7.0MB

    • MD5

      32ee99a3ed45271f210e12b23eeb2861

    • SHA1

      ed2e6f46706d04e3689a708208ad6fd814c75936

    • SHA256

      7ba0a16c534ea3669bdbd13112fc1071adbaa0422a655dcb525369477872b536

    • SHA512

      d552bae95356da2ffcf2cfc6c4643456dd1334bbdc8059397e25945d90c09e2550fcc76170f89476c6a061a8b556e801d000dbe498e27fb0f1fd76aff0a23a17

    • SSDEEP

      98304:JP0XJBwgh42m9j89bkCN2MZ21YZDvb/Fo+fFrUrUu3N7byJDZho0hOk0C33jywVT:OvwnDi9dZLb/BfGrUu3N7m3hcazvV/

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      TeamViewer_Desktop.exe

    • Size

      2.0MB

    • MD5

      81675ba925818ab731e372159ea9cdd1

    • SHA1

      75165f2d8040e3494251c739f3680d37b28ae525

    • SHA256

      a1617ecd096789b5c898474837ea38769a7256793f36b80dbc28dda63d517e6a

    • SHA512

      ac7e23df4b30ce94482e9b6d2f80c5c748384b169197ca0db0ea832815f48f116b18e42e178d7d54d125de63eb1aaea0a38153d42bfe75049fc8055851116cd9

    • SSDEEP

      49152:yYFOvyAPoQSkpdbzG1pUllWtNTyZ/MUcQNLJm5:zOvzo3kpY1eGu/XlJm

    • Score

      3/10

    • Target

      TeamViewer_Resource_fr.dll

    • Size

      1.3MB

    • MD5

      6322931fab86af48a0940f744f7925c4

    • SHA1

      7abb55a62ab8133245bdc3f71b2360f745f95db3

    • SHA256

      e706ac5af4fc3ffbd36d8aac1efbf4d8dffb9d2a721e3bbf35da37a50e0ebfe4

    • SHA512

      262e0fd4d0a73deda4e1a255848b7963007e539a72099ab1c7b27ec7cc8b8f309bdb939b91e7b6f3ec27efd7a43bcb556dd4ff9c800985abf839b8093216fc8d

    • SSDEEP

      12288:Zhmfaa/lRMxerSaye0dHVGFlSyhUcTm8i1aWjp3n331C34QN6TO:XmfnJrSayGF6Kp8S

    • Score

      1/10

    • Target

      TeamViewer_Service.exe

    • Size

      2.3MB

    • MD5

      e03e8f543a1f8c0a7e07e8095c16fa73

    • SHA1

      5cd12e817c2b0a7c1439289069a934c7514c798d

    • SHA256

      5ced4599fdb86edc80170665d8156888b683ba8e3e7258b8d1b5b6400bd5307e

    • SHA512

      fb66e215db8438104487eaf1a21c2701c51169a8e11eac6ba521cea2f06124b176649a3ae254a9094ff12f2710af84d4bda107a22fc7a32ba5500fc40d5dc146

    • SSDEEP

      49152:Zlf2clpXwZpK2lnp+g2KXMgUu3YHt+zC1dTUHB/SLjux:Pf2qgC2lnpB2KLUu3YHt+ufUgL

    • Score

      3/10

    • Target

      tv_w32.dll

    • Size

      48KB

    • MD5

      8ed1d2b0875cb6197f0d99b24ee9af66

    • SHA1

      51a3363a1499f4fea4de464debc4ba11a18be911

    • SHA256

      663b890fac656a12db0044d9cd2a4d2311c69715665b03b1e4e5e876b497b05d

    • SHA512

      15bf86375300fb78d9ec5f0aeeec7265439adbe9491184fb84497c07b8921b60ce99d0369d796252afb720894f2493fbf82d217b73da2272b9004649dd717bba

    • SSDEEP

      768:vnbNOCWYFawkf5soDYunk220HOtUM3CCGVkQiFptzsk51MIIL1:/BSsunocCUDJVkjJsk518R

    • Score

      3/10

    • Target

      tv_w32.exe

    • Size

      105KB

    • MD5

      732dfe958b012ba8622d312d8594c0c3

    • SHA1

      2f247c1975937d72dfc1ea851c9e9d8c75fbaca0

    • SHA256

      9b9c3634d0ff1e408317515557b74beb050a8bd0973db10186a11c4cce3ceaaf

    • SHA512

      4661413276664021e84425505420bdaf24cbfee4e6c8feb32662cf6b03027bbab6377d99f1b309919d630853efdd4be889ee8253e8d945416c1548f4f753c532

    • SSDEEP

      1536:uaooQTXvqXtkFFCN3bzLqFu0azJPPY08MPMyY/eetFDiCc3NwGzpi1+4ooahteac:uaoD2Prpifahteac

    • Score

      3/10

    • Target

      tv_x64.dll

    • Size

      51KB

    • MD5

      100cc2667789dea561aad9ce4d2307f7

    • SHA1

      1e9505fb9b5114d332f2f83035ad0b8254e8fb0f

    • SHA256

      d4cd7043c7d88c2ba3ca171f010037a4dc8ea4438ebd8df132f67d8f00a2e59f

    • SHA512

      0612f6698884a3a9d0233c281ecc5706324b16bf52a0bbd049768ec2b31001854ab87b52624491d87fc072d9c551e082c926cb62beeec13b7d0bff3fa4c1cd88

    • SSDEEP

      768:dRbXkYJwW1DSveW1oI8iGkDDTn/Azi5uQat0bxJYQll6nQIIL:dRbnJj1OvDv/0z7t0bflso

    • Score

      1/10

    • Target

      tv_x64.exe

    • Size

      140KB

    • MD5

      1f1b6f7d707654577d7e261ba3e4c66f

    • SHA1

      242e1a2e13842ab388666e03683895ca33c54e1c

    • SHA256

      2ceef031a02f4389857ea40a2dd0e24e742f08c33debf1e466b546259700918a

    • SHA512

      be078bf4bd3977e04d574af6faf7caeefee1701f4dbf370ebdb81048e7bf3b1c6f1152f9b4797347d3907bd336056a04153a11609f79c1d2f4c366c95e90142f

    • SSDEEP

      3072:nWINt2c3+Iiq7oaXVb17FXLxKuiYsS/iYgWxYYYTOS/wOBLWT1vV:nZ+IixaXVb17FRVn6Y9uYYawkTh

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

  Task           Tags                               Score

  static1        upx                                7/10
  behavioral1    discovery, spyware, stealer, upx   7/10
  behavioral2    discovery, spyware, stealer, upx   7/10
  behavioral3    discovery                          3/10
  behavioral4    discovery                          3/10
  behavioral5    discovery                          3/10
  behavioral6    discovery                          3/10
  behavioral7    discovery                          3/10
  behavioral8    discovery                          3/10
  behavioral9    discovery                          3/10
  behavioral10   discovery                          3/10
  behavioral11   discovery                          3/10
  behavioral12   discovery                          3/10
  behavioral13   discovery, spyware, stealer        7/10
  behavioral14   discovery, spyware, stealer        7/10
  behavioral15   discovery                          3/10
  behavioral16   discovery                          3/10
  behavioral17   (none)                             1/10
  behavioral18   (none)                             1/10
  behavioral19   discovery                          3/10
  behavioral20   discovery                          3/10
  behavioral21   discovery                          3/10
  behavioral22   discovery                          3/10
  behavioral23   discovery                          3/10
  behavioral24   discovery                          3/10
  behavioral25   (none)                             1/10
  behavioral26   (none)                             1/10
  behavioral27   (none)                             1/10
  behavioral28   (none)                             1/10