General

  • Target

    fc1006824cb66d17c68f1ffa53b37c4b_JaffaCakes118

  • Size

    3KB

  • Sample

    240928-l41vwazdpp

  • MD5

    fc1006824cb66d17c68f1ffa53b37c4b

  • SHA1

    c54b745011bccb3d068ba74a4e543cb2de1043a4

  • SHA256

    95ca946aef501e5114c26cb6ef895dbc29761b4f7d6bbccc22e4bfbde1be6759

  • SHA512

    1d14c5b3058c994cf542807a4341510453fda81ea9a67cfc5038b2f8fc5e80fca3271c44a9c937d2366a140e197ec605bf280a18278cae6886fa939fb28053c0

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://drive.google.com/uc?export=download&id=0B3AM8u080I_Pb2I2dXdkaUxHWm8

Targets

    • Target

      fc1006824cb66d17c68f1ffa53b37c4b_JaffaCakes118


    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15

Tasks