General
- Target: dd0fe0cbf4b92f36fbaf8336fb2f82ac_JaffaCakes118
- Size: 137KB
- Sample: 240912-z28dtsveqk
- MD5: dd0fe0cbf4b92f36fbaf8336fb2f82ac
- SHA1: c658b04b6d6acf5cee5ebad2bb34da5cec0b82c3
- SHA256: aece3f50f24628bce9c9688879dca8f3f80bccdf12718caf28cc031f9e2acce2
- SHA512: 4462df82418445ff718fc3dde5837cc66ec4d0ce34cb93b3a55840bd2c4727439d85dd6808d100127eadb4e233e45ad10afe9f13bf5d7a1e6608a5b8f6ecdea0
- SSDEEP: 1536:fEaBDw6fxE4a6foBJ/fYXSCsF02GXu+rdnV3BjU/hIzcCIqA6cwgvIq/jYX5iQ5:fEaWcE1EOB9otHeyzzA6c5/I3
Static task
- static1
Behavioral task
- behavioral1
- Sample: dd0fe0cbf4b92f36fbaf8336fb2f82ac_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: pony
- C2:
  http://buyandsmile.atomclick.co:8080/pony/gate.php
  http://dare2dreamz.com:8080/pony/gate.php
- payload_url:
  http://desprecs.ro/50dw.exe
  http://thehorsetailor.com/7QtL.exe
  http://h--o.com/KdWNRWVz.exe
Targets
- Target: dd0fe0cbf4b92f36fbaf8336fb2f82ac_JaffaCakes118
- Size: 137KB
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.