General

  • Target

    ebc76496f4a778927cc6d314d15d8d78_JaffaCakes118

  • Size

    130KB

  • Sample

    240919-vdzpkazdqm

  • MD5

    ebc76496f4a778927cc6d314d15d8d78

  • SHA1

    d7e8cb0c64ce62da718266158e5a70bd5f844843

  • SHA256

    fdbddf2ff3afbf687bd145b235cef7435f69ca6ab8fef7c113cdef73d21be7ef

  • SHA512

    38d08553b740025d9fd56e7d29ee6608574a7ee50be29d7b24f28c29af615b1cbcd9ea59d65152dcc714b8e6967ba87ac37c8539d467141b4fb6ce7f552187da

  • SSDEEP

    3072:Nnr9AAFoZChczKk3+RQX2I/2is8oeJxQUUyKeWQgxM/9+Z3:NnpAAFGChczKWUI2es8oeJxdUGWQqM/o

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

    • Target

      ebc76496f4a778927cc6d314d15d8d78_JaffaCakes118

    • Contacts a large number (49129) of remote hosts

      That many distinct destinations in a single run indicates a network scan to discover remotely reachable services. It is consistent with Mirai's built-in scanner, which probes pseudo-random public addresses on TCP/23 and TCP/2323 looking for telnet logins.

    • Creates a large number of network flows

      Each probe is a separate short-lived connection attempt, so scanning also shows up as an unusually high flow count rather than sustained traffic to a few peers.

    • Modifies Watchdog functionality

      Mirai opens /dev/watchdog (or /dev/misc/watchdog) and issues WDIOC_SETOPTIONS with WDIOS_DISABLECARD, turning the hardware watchdog off so the device is not rebooted when the bot stops servicing it. On embedded targets this removes the one recovery mechanism that would otherwise evict a hung or misbehaving infection.

    • Enumerates active TCP sockets

      Reads /proc/net/tcp to list active sockets. Mirai's killer module uses this to find the inode of whatever is bound to ports 23, 22 and 80, maps that inode to a process by walking /proc/*/fd, kills the process, and then binds the port itself to lock out competing bots and remote administration.
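The two signatures above describe things an analyst can reproduce offline: decoding the /proc/net/tcp text format that Mirai's killer reads, and applying a distinct-remote-host heuristic to connection records. The following is an added example written for this page; it is not code from the tria.ge report or from the Mirai source, and every input below (the /proc/net/tcp excerpt, the flow list, the threshold of 50) is constructed for illustration.

```python
"""Added example (not from the tria.ge report or the Mirai source).

parse_proc_net_tcp() decodes /proc/net/tcp, the file Mirai's process killer
reads to learn which local ports are in use and which inode backs them.
count_remote_hosts() applies the "many distinct remote hosts" heuristic behind
the report's scan signature to (src, dst) flow records.
All sample data here is constructed, not taken from the sandbox run.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple

# Socket states as numbered in the kernel's tcp_states.h (printed as hex in /proc/net/tcp).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}


class TcpSocket(NamedTuple):
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    inode: int


def _decode_endpoint(field: str) -> Tuple[str, int]:
    """'0100007F:0017' -> ('127.0.0.1', 23).

    /proc/net/tcp prints the 32-bit address in host byte order, so on the
    little-endian x86/ARM boxes Mirai targets the bytes must be reversed.
    """
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return str(addr), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[TcpSocket]:
    """Parse the body of /proc/net/tcp (header line included) into TcpSocket rows."""
    sockets = []
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        laddr, lport = _decode_endpoint(cols[1])
        raddr, rport = _decode_endpoint(cols[2])
        state = TCP_STATES.get(int(cols[3], 16), cols[3])
        sockets.append(TcpSocket(laddr, lport, raddr, rport, state, int(cols[9])))
    return sockets


def listening_ports(sockets: List[TcpSocket]) -> Dict[int, int]:
    """Map local port -> inode for LISTEN sockets.

    The inode is the key Mirai's killer needs: it then scans /proc/*/fd for a
    'socket:[<inode>]' link to find the owning pid.
    """
    return {s.local_port: s.inode for s in sockets if s.state == "LISTEN"}


def count_remote_hosts(flows: List[Tuple[str, str]], threshold: int) -> Dict[str, int]:
    """Return {src: distinct-destination count} for sources at or above threshold."""
    seen: Dict[str, set] = {}
    for src, dst in flows:
        seen.setdefault(src, set()).add(dst)
    return {src: len(dsts) for src, dsts in seen.items() if len(dsts) >= threshold}


# Constructed /proc/net/tcp excerpt: telnet, ssh and a loopback http listener,
# plus one outbound SYN to TCP/23 as a scanner would produce.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1401 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1360 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1522 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:C3A2 22D8B85D:0017 02 00000000:00000000 01:00000012 00000000     0        0 2201 1 0000000000000000 100 0 0 10 0
"""


def build_sample_flows() -> List[Tuple[str, str]]:
    """Constructed flows: one host probing 60 distinct addresses on TCP/23,
    another host talking to just two servers."""
    flows = [("10.0.2.15", f"192.0.2.{i}") for i in range(1, 61)]
    flows += [("10.0.2.20", "198.51.100.5"), ("10.0.2.20", "198.51.100.5"),
              ("10.0.2.20", "198.51.100.9")]
    return flows


if __name__ == "__main__":
    socks = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for s in socks:
        print(f"{s.local_addr}:{s.local_port} -> {s.remote_addr}:{s.remote_port} "
              f"{s.state} inode={s.inode}")
    print("listening ports:", listening_ports(socks))
    print("scan suspects:", count_remote_hosts(build_sample_flows(), threshold=50))
```

The threshold is a knob, not a constant of the technique: the report fired at 49129 hosts, but a bot confined to a sandbox for a few minutes already exceeds any reasonable per-host baseline, so in production detection the value should come from the environment's own distinct-destination statistics.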
