General

  • Target: ef5b493d9f0cc3fc77d176514f59ebce_JaffaCakes118

  • Size: 176KB

  • Sample: 240921-jqqfwasarp

  • MD5: ef5b493d9f0cc3fc77d176514f59ebce

  • SHA1: 159383df978d817fda509c2f6cbb3ce64f70f24c

  • SHA256: 582c7a9d41684c01b503c411ce2edacd1bcf1b298e7c904718a55f3889d28509

  • SHA512: 01d2eea3434725f42fcba2aa4516d3e9b07de5de878ccd37910a58b7c7f65126987a09c7975213462360d8745eb2996b1151ac218b58666926b4de6b62749fdf

  • SSDEEP: 1536:2WU4j6iAxUazRrE8272/S8vZMQKXPRnZoJ3pTJZQb:2WUQ6iAxdxL26xvZiZnSJ3pTJSb

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1VVEsy2z-Lqx6Tkbg4tlN6vp80EESLHVt

xor.base64

Targets

    • Target: ef5b493d9f0cc3fc77d176514f59ebce_JaffaCakes118

    • Size: 176KB

    • MD5: ef5b493d9f0cc3fc77d176514f59ebce

    • SHA1: 159383df978d817fda509c2f6cbb3ce64f70f24c

    • SHA256: 582c7a9d41684c01b503c411ce2edacd1bcf1b298e7c904718a55f3889d28509

    • SHA512: 01d2eea3434725f42fcba2aa4516d3e9b07de5de878ccd37910a58b7c7f65126987a09c7975213462360d8745eb2996b1151ac218b58666926b4de6b62749fdf

    • SSDEEP: 1536:2WU4j6iAxUazRrE8272/S8vZMQKXPRnZoJ3pTJZQb:2WUQ6iAxdxL26xvZiZnSJ3pTJSb

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks