General
-
Target
e89cb61349a6bab43f582b9087283007_JaffaCakes118
-
Size
1.1MB
-
Sample
240918-ja8mhszcrm
-
MD5
e89cb61349a6bab43f582b9087283007
-
SHA1
5c212383197a2eda5c09bb524789dba6913dc7e5
-
SHA256
3e82b45c9e0c1819eea7baad7fce402472f70d23023490e364b0fb213bbbedf5
-
SHA512
669b966a0ea1f083b12f02c1d96fe229ab12f412698d3d0d7c8c012c754cd88425302f17196a769401c20afefe894da58884e91070e2ec4973c7b405b5d923bc
-
SSDEEP
24576:adHPXnvcC964ukjOs1iq8ZqI1IT96teRRRRRRRRRRRRRRRRRRRm7pxV2AeC+H:a9vvM4sHq9QBFM
Static task
static1
Behavioral task
behavioral1
Sample
e89cb61349a6bab43f582b9087283007_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e89cb61349a6bab43f582b9087283007_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
lokibot
http://avebx.cf/sleek2/cat.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e89cb61349a6bab43f582b9087283007_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-