Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    dcc882bf07f5bb3ef989060011d89834_JaffaCakes118

  • Size

    37KB

  • Sample

    240912-wvamfaxbql

  • MD5

    dcc882bf07f5bb3ef989060011d89834

  • SHA1

    2d98a861b1582e1cb02d8eab97a3740356f87b4c

  • SHA256

    779068ec37d66d58e03585227d10187c85c7020f13134931cf3732abfce11fc2

  • SHA512

    5c9c04687b0f9724e9db3e77c2aa2d0fbc064dceab2cd715db9b66e330396fcd8b31ccbe65f2d2fdd533f2a895e4a6cb02b795e8e135c660778169dd13a8940e

  • SSDEEP

    768:CCqN8yYtDoz51bw+xXcp4gNeDOZh/v5O2o7jM4:cYRoz5108MGDy/BO2oN

Malware Config

Targets

    • Target

      dcc882bf07f5bb3ef989060011d89834_JaffaCakes118

    • Size

      37KB

    • MD5

      dcc882bf07f5bb3ef989060011d89834

    • SHA1

      2d98a861b1582e1cb02d8eab97a3740356f87b4c

    • SHA256

      779068ec37d66d58e03585227d10187c85c7020f13134931cf3732abfce11fc2

    • SHA512

      5c9c04687b0f9724e9db3e77c2aa2d0fbc064dceab2cd715db9b66e330396fcd8b31ccbe65f2d2fdd533f2a895e4a6cb02b795e8e135c660778169dd13a8940e

    • SSDEEP

      768:CCqN8yYtDoz51bw+xXcp4gNeDOZh/v5O2o7jM4:cYRoz5108MGDy/BO2oN

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (106450) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks