Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f8c656d9ff2a5c0b21769b4e1033bde7_JaffaCakes118
-
Size
1.7MB
-
Sample
240926-t25eaaxbqm
-
MD5
f8c656d9ff2a5c0b21769b4e1033bde7
-
SHA1
c2e991aeb28ebf42c1f2dbfcbd4df6e2320ab3d2
-
SHA256
d6e501f0804b1fd3b62a32366a9845a7fd010a0434dac804ffcec95fa67267a3
-
SHA512
098b1ce3e5d95d318caccd1ce77be80484f7cef1aae807e3815f32fa2d49f74be7085c2f716187c7d074ea9e239ebfa1e5817b436c9c92e546bfc0e7560096ed
-
SSDEEP
6144:gCDZnh3bt0kqEZKjwF+IRTA/AntEymXZoelvYihONWKkIAL5wMYDkdIihf/FS/6P:gC1n395ElLNHwWKJAL5D3hna6
Static task
static1
Behavioral task
behavioral1
Sample
f8c656d9ff2a5c0b21769b4e1033bde7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f8c656d9ff2a5c0b21769b4e1033bde7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
limerat
-
aes_key
1205
-
antivm
false
-
c2_url
https://pastebin.com/raw/iRjhpqQL
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/iRjhpqQL
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
f8c656d9ff2a5c0b21769b4e1033bde7_JaffaCakes118
-
Size
1.7MB
-
MD5
f8c656d9ff2a5c0b21769b4e1033bde7
-
SHA1
c2e991aeb28ebf42c1f2dbfcbd4df6e2320ab3d2
-
SHA256
d6e501f0804b1fd3b62a32366a9845a7fd010a0434dac804ffcec95fa67267a3
-
SHA512
098b1ce3e5d95d318caccd1ce77be80484f7cef1aae807e3815f32fa2d49f74be7085c2f716187c7d074ea9e239ebfa1e5817b436c9c92e546bfc0e7560096ed
-
SSDEEP
6144:gCDZnh3bt0kqEZKjwF+IRTA/AntEymXZoelvYihONWKkIAL5wMYDkdIihf/FS/6P:gC1n395ElLNHwWKJAL5D3hna6
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-