Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fa242b0ab4a25ab86c7b7edbe1362938_JaffaCakes118
-
Size
157KB
-
Sample
240927-lbnpvavhjj
-
MD5
fa242b0ab4a25ab86c7b7edbe1362938
-
SHA1
97e171208589c9bc0e6500663a475990f6925846
-
SHA256
b66eb4fbd5e1e91345c35b6b282d6c76e367754dfeec645b304a22e636fa4c48
-
SHA512
d5b70fdd8aac44bcad756775f3b3ef1bc80fa9637ba310a79dcd388df962062cdaf70f5b524a93a5488bfc81cce30862aa4211c23ad12ec20827890b2370d189
-
SSDEEP
3072:iueT6TNFCaIxBhi4cXAk6S7+MeJJooCJ:ih6TNFCaIxBhz1FSyJJy
Static task
static1
Behavioral task
behavioral1
Sample
fa242b0ab4a25ab86c7b7edbe1362938_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fa242b0ab4a25ab86c7b7edbe1362938_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://66.175.215.102/forum/viewtopic.php
-
payload_url
http://www.chandlerbacker.com/J9K.exe
http://bobinlaminasyonmakinalari.com/o9RYHbCx.exe
http://broadbentcompany.wsisrdev.com/KbGb.exe
Targets
-
-
Target
fa242b0ab4a25ab86c7b7edbe1362938_JaffaCakes118
-
Size
157KB
-
MD5
fa242b0ab4a25ab86c7b7edbe1362938
-
SHA1
97e171208589c9bc0e6500663a475990f6925846
-
SHA256
b66eb4fbd5e1e91345c35b6b282d6c76e367754dfeec645b304a22e636fa4c48
-
SHA512
d5b70fdd8aac44bcad756775f3b3ef1bc80fa9637ba310a79dcd388df962062cdaf70f5b524a93a5488bfc81cce30862aa4211c23ad12ec20827890b2370d189
-
SSDEEP
3072:iueT6TNFCaIxBhi4cXAk6S7+MeJJooCJ:ih6TNFCaIxBhz1FSyJJy
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-