Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dd7123e014e067e0927b4189eaac4264_JaffaCakes118
-
Size
172KB
-
Sample
240913-b9yycsxfnk
-
MD5
dd7123e014e067e0927b4189eaac4264
-
SHA1
2ce7f04c3cec8aa926a282080081a1cb61781820
-
SHA256
b0a825d60cd77873437a57c2fb9a42aa2a7983eec27307e7242a1390fb9e48f5
-
SHA512
1bee2d19f060c3d1d116804e8c131752df129934a362a69f1a627dcf62b7790636beba1d7514deff40a89d58a93f9e2ebf5d42d1a42cf5628f28dd8145663332
-
SSDEEP
1536:23vhewkJj7tm2UgiNWh8mdKbN8RINnLGobNl8BP0p9jQx2cAiiDbB0snVHsIGoR8:4M7JX3XiFdlbNeQ9jUWiaFHcIkJpm
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
Masterdark1
Targets
-
-
Target
dd7123e014e067e0927b4189eaac4264_JaffaCakes118
-
Size
172KB
-
MD5
dd7123e014e067e0927b4189eaac4264
-
SHA1
2ce7f04c3cec8aa926a282080081a1cb61781820
-
SHA256
b0a825d60cd77873437a57c2fb9a42aa2a7983eec27307e7242a1390fb9e48f5
-
SHA512
1bee2d19f060c3d1d116804e8c131752df129934a362a69f1a627dcf62b7790636beba1d7514deff40a89d58a93f9e2ebf5d42d1a42cf5628f28dd8145663332
-
SSDEEP
1536:23vhewkJj7tm2UgiNWh8mdKbN8RINnLGobNl8BP0p9jQx2cAiiDbB0snVHsIGoR8:4M7JX3XiFdlbNeQ9jUWiaFHcIkJpm
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1