General

  • Target

    e98245057e042d877b213adcd3635500_JaffaCakes118

  • Size

    98KB

  • Sample

    240918-tr266szgmc

  • MD5

    e98245057e042d877b213adcd3635500

  • SHA1

    14a7876d14629689bf185148c0d1986d55a19234

  • SHA256

    926f68e314ae13deb48c48eeb8f98877409e7cf8a4015947d271ffc1025d9266

  • SHA512

    1cebe9aa995700a78eb325c81a738057a63523fac4a05a88cb08ccd30f3fabab90c6eee41257e200196781d97129131a70b74524b95fc0e2d3443edfbae1d730

  • SSDEEP

    1536://vddwvkb+ZQzkL2reoHO7d8K1+VxW5+rH0iYtgIzmd2I:1dtzzCqc8Q8xWUrH9YtgUGP

Targets

    • Target

      e98245057e042d877b213adcd3635500_JaffaCakes118

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting
