General

  • Target

    fd093c1edd9a2092e89493a0661bac0c_JaffaCakes118

  • Size

    346KB

  • Sample

    240928-yn32hstepr

  • MD5

    fd093c1edd9a2092e89493a0661bac0c

  • SHA1

    49ab55ccd8ead7c293335ab80acd65bf0ccfdfec

  • SHA256

    2c483e46aa4e15932d06bbbd39fc67e6548c864ba248e59b6d3bd2a8801e4b0a

  • SHA512

    994961ae7095c1946d38fc48eeae78f91857f4ff8ff037b24be640ba2291bccde9cd6658c95776c20d0d9551512bf198b96114bddbda4a99dc33d234da6a3feb

  • SSDEEP

    6144:vSncRlDRYyhtBJVszzjdgi6T7yFLro08gFVrvmnVW5GJZ2tNYLj8MfsPJe/Grdn4:K45fT3VUVFLB/FVSVzYKj86sPwMd4

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

      Changing the context of another thread (typically the initial thread of a freshly created, suspended process) is a common step of process hollowing and thread hijacking.
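The "Writes to the Master Boot Record" behaviour above is the one signature here that a responder can verify directly on a suspected host, because the MBR has a fixed 512-byte layout: 446 bytes of bootstrap code, four 16-byte partition entries and the 0x55AA boot signature. The following Python is an added example, not part of the Triage report or the tria.ge tooling: it parses that layout, compares a current sector against a known-good baseline, and separates a modified bootstrap area (the bootkit indicator) from a changed partition table (which legitimate repartitioning also produces). The sector bytes used below are constructed for illustration, and the `read_live_mbr` helper is an assumption about where to read the sector on Windows (it needs administrator rights).

```python
import hashlib
import struct

# Legacy MBR layout (fixed): bootstrap code, partition table, boot signature.
MBR_SIZE = 512
BOOTSTRAP_LEN = 446
PARTITION_TABLE_OFF = 446
PARTITION_ENTRY_LEN = 16
SIGNATURE_OFF = 510
BOOT_SIGNATURE = b"\x55\xaa"
# One partition entry: status, CHS start (3 bytes), type, CHS end (3 bytes),
# LBA start, sector count -- 16 bytes in total.
PARTITION_ENTRY_FMT = "<B3sB3sII"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into its MBR fields; raise ValueError if malformed."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[SIGNATURE_OFF:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * PARTITION_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            PARTITION_ENTRY_FMT, sector, off
        )
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({
                "index": i,
                "bootable": bool(status & 0x80),
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    bootstrap = sector[:BOOTSTRAP_LEN]
    return {
        "bootstrap": bootstrap,
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings as strings; an empty list means the MBR matches the baseline."""
    try:
        base, cur = parse_mbr(baseline), parse_mbr(current)
    except ValueError as exc:
        return [f"malformed MBR: {exc}"]
    findings = []
    if base["bootstrap_sha256"] != cur["bootstrap_sha256"]:
        # Only the code area changed: this is what a bootkit overwrite looks like.
        findings.append("bootstrap code modified (bootkit indicator)")
    if base["partitions"] != cur["partitions"]:
        # Partition changes alone are usually administrative, so report them separately.
        findings.append("partition table changed")
    return findings


def read_live_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (Windows, requires administrator). Assumed path."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


def build_sample_mbr(bootstrap: bytes, partitions) -> bytes:
    """Construct a test sector (not from any real disk) from code bytes and (bootable, type, lba, count) tuples."""
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    table = bytearray(4 * PARTITION_ENTRY_LEN)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PARTITION_ENTRY_FMT, table, i * PARTITION_ENTRY_LEN,
                         0x80 if bootable else 0x00, b"\x00" * 3, ptype, b"\x00" * 3,
                         lba_start, sectors)
    return code + bytes(table) + BOOT_SIGNATURE


# Constructed samples: a clean baseline, a tampered code area, and a repartitioned disk.
BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(True, 0x07, 2048, 204800)])
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 40, [(True, 0x07, 2048, 204800)])
REPARTITIONED_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c",
                                     [(True, 0x07, 2048, 102400), (False, 0x07, 104448, 102400)])

if __name__ == "__main__":
    for name, sector in (("tampered", TAMPERED_MBR), ("repartitioned", REPARTITIONED_MBR)):
        print(name, compare_mbr(BASELINE_MBR, sector) or ["no change"])
```

In practice the baseline is captured once from a known-clean image (or from the same host before the sample ran) and stored off-box; hashing only the first 446 bytes keeps the check stable across partition edits, while any change in that region is worth a closer look at the bootstrap code itself.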

MITRE ATT&CK Enterprise v15

Tasks