Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e238c4ec1716fe656488939e43fa2dae_JaffaCakes118
-
Size
209KB
-
Sample
240915-l1zhmsxgnf
-
MD5
e238c4ec1716fe656488939e43fa2dae
-
SHA1
257b7e16c6d74b2ddf12e779ba24b5ef60fad226
-
SHA256
ba7f3164b131f926902a206834b5b4dd662153a8b9e9b1492fde60da853b2d51
-
SHA512
751cb2396c06de1ac0d20e8c751a098ca46d96cf592e1a1731e21a0fe3ac14e57aa2cd65fb6d03c15f0a55a7ecd3bb38ce1894e07ea7b15dd63d036227b5b05b
-
SSDEEP
3072:tVHgCc4xGvbwcU9KQ2BBAHmaPxBVoUb5Epj:QCc4xGxWKQ2BonxOj
Static task
static1
Behavioral task
behavioral1
Sample
e238c4ec1716fe656488939e43fa2dae_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e238c4ec1716fe656488939e43fa2dae_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.byethost12.com - Port:
21 - Username:
b12_8082975 - Password:
951753zx
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
onthelinux - Password:
741852abc
Targets
-
-
Target
e238c4ec1716fe656488939e43fa2dae_JaffaCakes118
-
Size
209KB
-
MD5
e238c4ec1716fe656488939e43fa2dae
-
SHA1
257b7e16c6d74b2ddf12e779ba24b5ef60fad226
-
SHA256
ba7f3164b131f926902a206834b5b4dd662153a8b9e9b1492fde60da853b2d51
-
SHA512
751cb2396c06de1ac0d20e8c751a098ca46d96cf592e1a1731e21a0fe3ac14e57aa2cd65fb6d03c15f0a55a7ecd3bb38ce1894e07ea7b15dd63d036227b5b05b
-
SSDEEP
3072:tVHgCc4xGvbwcU9KQ2BBAHmaPxBVoUb5Epj:QCc4xGxWKQ2BonxOj
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-