General

  • Target: dde58b9dd400d67ac495756fc62e8ca2_JaffaCakes118
  • Size: 168KB
  • Sample: 240913-hnbdhazgmb
  • MD5: dde58b9dd400d67ac495756fc62e8ca2
  • SHA1: eec6c37a84ab65dd52e8cab2674bd965ab2cc989
  • SHA256: 18b65c8849ee072c142102c0064301a1d7c0fb79bb5cc52dc8d0cbf1433034c3
  • SHA512: b031fa0b7267d965e6ff9d1cd02160b7a351a4de5ac872b6eb8fa630142f898cd3b21950db596dca9e37eafde3257757c17164cdc25d6e62d969d4f925845321
  • SSDEEP: 3072:TXDKfncjzOPACBs+n9POd9FKMtmQrKl0srCZ4+MohKJErKJnsaR:TS0Ks+nstmeOE4p4K5

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: brackenrig123

Targets

    • Target: dde58b9dd400d67ac495756fc62e8ca2_JaffaCakes118 (size and hashes as listed under General)

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
