General

  • Target

    fca7479a10b70e422c824990fc8e44a6_JaffaCakes118

  • Size

    451KB

  • Sample

    240928-tg87qsthjk

  • MD5

    fca7479a10b70e422c824990fc8e44a6

  • SHA1

    f44c9dacba2e60df8864c5cf80fcb24b1cbc5c0d

  • SHA256

    3f74053f3095407c621c4137d53e5eaef12dae9cfcbaf08b49949d839eac35ad

  • SHA512

    a3a9a63d507ee4f5fe3319e92f38deaa3c7ac091a45e7f223636c90062f537beb74105ba73188759afc298b48353b175f2f4fe6474c1b88f7ed5ad621ce579fd

  • SSDEEP

    12288:mv3OOvT/V3UUVXNckpICmXx0y90z888888888888W88888888888cZxH:kvT/ZUsdXCCmXx0ypZxH

Malware Config

Targets

    • Target

      fca7479a10b70e422c824990fc8e44a6_JaffaCakes118

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks