General

Target: ddf5f57e2e4164c5e305b726c2427470_JaffaCakes118
Size: 304KB
Sample: 240913-jcf1aasare
MD5: ddf5f57e2e4164c5e305b726c2427470
SHA1: 2b60fc3776c17305a78f4d442cfbd6d673872dd8
SHA256: 9cadd4db012a3ece0d1de8e2ef1b329ca18e46566404c2126a9407e5d94fe194
SHA512: 88b795de0e4d1bc877244456ce9c14f7fb79c646a01efb6874a76d933ae2d97704fff8fe769a551f51973cc630238d0b9c2c458fbc74535b74e3301c1754ddd1
SSDEEP: 6144:JLvB9JiKpeOm9HqkSs80QhYXnOdy/63e3hMSnEjBSBI8L:BAcrm9KKQa+I+KTEjBo
Behavioral tasks

behavioral1
Sample: ddf5f57e2e4164c5e305b726c2427470_JaffaCakes118.exe
Resource: win7-20240708-en

behavioral2
Sample: ddf5f57e2e4164c5e305b726c2427470_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: ddf5f57e2e4164c5e305b726c2427470_JaffaCakes118 (304KB; same file and hashes as listed under General)
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage

Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory
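The following host-triage script is an added example and is not part of the tria.ge report or of any tria.ge tooling. It confirms that a local copy of the sample matches the hashes listed above and then checks a Windows host for artifacts of the kind the signatures describe: Run-key persistence, Safe Mode boot tampering, the registry values a geofence check commonly reads, and recently created unsigned binaries in System32. The sample path, the seven-day window and the specific geofence registry locations are assumptions; the report does not say which registry value the sample reads.

```powershell
# Added host-triage helper for the behaviours this report lists. Not tria.ge code.
# Assumptions: $SamplePath is where you stored the sample; run in an elevated
# PowerShell (4.0 or later, for Get-FileHash) on the host you are examining.

$SamplePath = 'C:\triage\ddf5f57e2e4164c5e305b726c2427470_JaffaCakes118.exe'  # assumed path

# Hashes copied from the report above.
$ReportHashes = @{
    MD5    = 'ddf5f57e2e4164c5e305b726c2427470'
    SHA1   = '2b60fc3776c17305a78f4d442cfbd6d673872dd8'
    SHA256 = '9cadd4db012a3ece0d1de8e2ef1b329ca18e46566404c2126a9407e5d94fe194'
}

function Test-SampleHashes {
    # Returns $true only if every listed hash matches the file on disk.
    param([string]$Path, [hashtable]$Expected)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Sample not found: $Path"; return $false }
    $ok = $true
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLowerInvariant()
        if ($actual -ne $Expected[$alg]) { Write-Warning "$alg mismatch: $actual"; $ok = $false }
    }
    return $ok
}

function Get-RunKeyEntries {
    # "Adds Run key to start application": list every value under the usual Run/RunOnce keys.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-SafeBootIndicators {
    # "Impair Defenses: Safe Mode Boot" (MITRE T1562.009): a forced Safe Mode boot shows up
    # as a "safeboot" entry in the BCD; a service registered under SafeBoot\Minimal or
    # \Network keeps running in Safe Mode while most security products do not.
    $forced = (& bcdedit.exe /enum '{current}' 2>$null) | Where-Object { $_ -match '^\s*safeboot\s' }
    $services = foreach ($mode in 'Minimal', 'Network') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (Test-Path $base) {
            Get-ChildItem $base | ForEach-Object {
                $type = (Get-ItemProperty -Path $_.PSPath).'(default)'
                if ($type -eq 'Service') { [pscustomobject]@{ Mode = $mode; Service = $_.PSChildName } }
            }
        }
    }
    [pscustomobject]@{
        SafeBootForced   = [bool]$forced
        BcdEntry         = ($forced -join ' ').Trim()
        SafeModeServices = $services   # compare against a known-good host of the same build
    }
}

function Get-GeofenceValues {
    # "Checks computer location settings": registry locations a geofence check commonly
    # consults (assumption; the report does not name the value this sample reads).
    $geo = Get-ItemProperty 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $nls = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Nls\Locale' -ErrorAction SilentlyContinue
    $region = $null
    if (Get-Command Get-WinHomeLocation -ErrorAction SilentlyContinue) {   # Windows 8 and later
        $region = (Get-WinHomeLocation).HomeLocation
    }
    [pscustomobject]@{
        GeoNation      = $geo.Nation        # GeoID of the user's region (244 = United States)
        SystemLocale   = $nls.'(default)'   # system default LCID as a hex string
        CurrentCulture = (Get-Culture).Name
        HomeLocation   = $region
    }
}

function Get-RecentSystem32Binaries {
    # "Drops file in System32 directory": EXE/DLLs created within the window, with signature state.
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    Get-ChildItem "$env:SystemRoot\System32\*" -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since } |
        ForEach-Object {
            [pscustomobject]@{ Path = $_.FullName; Created = $_.CreationTime
                               Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status }
        }
}

Write-Host "Sample matches report hashes: $(Test-SampleHashes -Path $SamplePath -Expected $ReportHashes)"
Get-RunKeyEntries | Format-Table -AutoSize
Get-SafeBootIndicators | Format-List
Get-GeofenceValues | Format-List
Get-RecentSystem32Binaries | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Two caveats when reading the output: SafeBoot\Minimal and \Network legitimately contain many Windows services, so the service list is only useful diffed against a clean host of the same build; and a dropper can timestomp the files it writes, so an empty System32 result does not clear the host, it only means nothing was created inside the window by the clock the file system reports.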