General

  • Target

    e238c4ec1716fe656488939e43fa2dae_JaffaCakes118

  • Size

    209KB

  • Sample

    240915-l1zhmsxgnf

  • MD5

    e238c4ec1716fe656488939e43fa2dae

  • SHA1

    257b7e16c6d74b2ddf12e779ba24b5ef60fad226

  • SHA256

    ba7f3164b131f926902a206834b5b4dd662153a8b9e9b1492fde60da853b2d51

  • SHA512

    751cb2396c06de1ac0d20e8c751a098ca46d96cf592e1a1731e21a0fe3ac14e57aa2cd65fb6d03c15f0a55a7ecd3bb38ce1894e07ea7b15dd63d036227b5b05b

  • SSDEEP

    3072:tVHgCc4xGvbwcU9KQ2BBAHmaPxBVoUb5Epj:QCc4xGxWKQ2BonxOj

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost12.com
  • Port:
    21
  • Username:
    b12_8082975
  • Password:
    951753zx

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks