General

  • Target

    f94444f5677cd30b531e2d9eed40991c_JaffaCakes118

  • Size

    401KB

  • Sample

    240926-2df1sa1crl

  • MD5

    f94444f5677cd30b531e2d9eed40991c

  • SHA1

    e6ba439064ea61986b02da6f81c292365655a8ed

  • SHA256

    8bcb1707d05db21b67a7281b1a6a972ba3efc51e9b34259962a30215363b6cc3

  • SHA512

    3538bdebae89e4491d6e182bf3a606401b0528f0fa3bf699f71ef5cf1e0436f907552e19c4b80f2325d5a387aa259936906c5b1d2b412161f34da031fba619bc

  • SSDEEP

    6144:f0fl8CZlpC8wTTT7zYIpDG3tLLQQFk8vCi98E71K0n5DFDh2E+ccEoWTruCY5MVI:M99ZlQ2QYk8TKE7U0tRhciuzTD

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks