Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f6173297af82d03740d8a171fc88c681_JaffaCakes118
-
Size
126KB
-
Sample
240925-qgd5taxcjj
-
MD5
f6173297af82d03740d8a171fc88c681
-
SHA1
ea88102573804d9bc39ad2b472065395ac0068ac
-
SHA256
341d2a148986be232f6ca27e6c1caee50dff1a127fef3f3fccc87c54eadc8fb7
-
SHA512
20a6f19e36bb035b475949ad9b291c567802eb7dc60a21fefc29e20ad0fed3b2d4ac987cda176cdea92c7efa24066dc993e7839089e700ffc32432d5fb7c5043
-
SSDEEP
3072:yJq35L0a1Oop/Cs5D7GV8TXy1dqd5QBSZdO1KhJh:yJRoOoJb5/GV8LVdXu
Static task
static1
Behavioral task
behavioral1
Sample
f6173297af82d03740d8a171fc88c681_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f6173297af82d03740d8a171fc88c681_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://blog.ritual.ca:8080/forum/viewtopic.php
http://dontgetcaught.ca:8080/forum/viewtopic.php
http://justcateringfoodservices.com:8080/forum/viewtopic.php
http://lumberlandnorth.com:8080/forum/viewtopic.php
-
payload_url
http://bluegrassornamentaliron.com/5AUPnx.exe
http://mariefredbk.se/TE2ECpWp.exe
http://stefan-auerswald.de/jPA.exe
Targets
-
-
Target
f6173297af82d03740d8a171fc88c681_JaffaCakes118
-
Size
126KB
-
MD5
f6173297af82d03740d8a171fc88c681
-
SHA1
ea88102573804d9bc39ad2b472065395ac0068ac
-
SHA256
341d2a148986be232f6ca27e6c1caee50dff1a127fef3f3fccc87c54eadc8fb7
-
SHA512
20a6f19e36bb035b475949ad9b291c567802eb7dc60a21fefc29e20ad0fed3b2d4ac987cda176cdea92c7efa24066dc993e7839089e700ffc32432d5fb7c5043
-
SSDEEP
3072:yJq35L0a1Oop/Cs5D7GV8TXy1dqd5QBSZdO1KhJh:yJRoOoJb5/GV8LVdXu
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-