Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fc481eef55550690716a35ccef072428_JaffaCakes118
-
Size
248KB
-
Sample
240928-phemasyalc
-
MD5
fc481eef55550690716a35ccef072428
-
SHA1
ca8c32164c615e179608a91ebae2c9dcc6662824
-
SHA256
263557f3ad580d4416c30aa31da0f72f817d72545cf923725e1a12231c9b06c7
-
SHA512
1941c62215faf76abc5aa62612d3a56498fc2dd675a1ef4fa4df36f77a1368f44c97ebc22aa1136319aee62667f53ec172ec41dc5efe346db5206ecf7c270d22
-
SSDEEP
3072:gLiF91QlWBybXxlXfsYKFLS0Xru2P/rOC0T8ojeotY:QiD11uXf1KUSvXrOCijT+
Malware Config
Targets
-
-
Target
fc481eef55550690716a35ccef072428_JaffaCakes118
-
Size
248KB
-
MD5
fc481eef55550690716a35ccef072428
-
SHA1
ca8c32164c615e179608a91ebae2c9dcc6662824
-
SHA256
263557f3ad580d4416c30aa31da0f72f817d72545cf923725e1a12231c9b06c7
-
SHA512
1941c62215faf76abc5aa62612d3a56498fc2dd675a1ef4fa4df36f77a1368f44c97ebc22aa1136319aee62667f53ec172ec41dc5efe346db5206ecf7c270d22
-
SSDEEP
3072:gLiF91QlWBybXxlXfsYKFLS0Xru2P/rOC0T8ojeotY:QiD11uXf1KUSvXrOCijT+
Score7/10-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1