General

  • Target

    eed9563a67c11a72785bb03b7464588c_JaffaCakes118

  • Size

    24KB

  • Sample

    240921-cap2vazcmb

  • MD5

    eed9563a67c11a72785bb03b7464588c

  • SHA1

    c573a75c79844509e0886374a4f308d9c4a58ba6

  • SHA256

    ae75f745b91343e6b0fa7490e27d022896fb4f0f6b949ef13e9b1217c0680ff7

  • SHA512

    6cd8b46c9d16957c64c8f24f6ec0f0803f16a9fc9cfd1ce0f89506bc8500b855429d1ac19410e4aea65e0c6a166c50c7bd3c7042d4049602f20c021a8966e63b

  • SSDEEP

    384:Fhu//BkfGN15yrdjI+cRy2APBsLf45kSyf8K7MPZv9TCi:iBkeNeXdt5ADCCi

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    badrares

Targets

    • Modifies WinLogon for persistence

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
