General
Target: e93aef6a932c5f316d7842b8d633b48d_JaffaCakes118
Size: 180KB
Sample: 240918-qtj7latbnf
MD5: e93aef6a932c5f316d7842b8d633b48d
SHA1: d9a513e55a5d951e25e5fdccec6b71bb84a2899e
SHA256: 735110feb84713dfcf393f2c56379cc8faaa2726243bbf76f68424c6195bd9ef
SHA512: 65df8e35317ae804f7a649a400626cd11f894e6a4a23f59c32f0c0b87b1690aa5ecdf4345d48ccaf5e18fc3095a3dbd2d4b2d22d0e1eb9913bd342b84cbbfddc
SSDEEP: 3072:TTygEZjisnO5/l2SWOIjWLFGBiMiJsPHXgWPSVDvqT6UcrOQVbO4LiLS5UxiIYWk:TTygozCTWfKGcPOPwSSETS/1ESyxiIYp
Static task: static1
Behavioral task: behavioral1
  Sample: e93aef6a932c5f316d7842b8d633b48d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e93aef6a932c5f316d7842b8d633b48d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: e93aef6a932c5f316d7842b8d633b48d_JaffaCakes118
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modifies WinLogon for persistence
- ModiLoader Second Stage
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)