Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
06763035d7e557f1bb5388b428338198_JaffaCakes118
-
Size
2.8MB
-
Sample
241001-tlajzayark
-
MD5
06763035d7e557f1bb5388b428338198
-
SHA1
264dfbea351977ad7e19a1f5b274046630147e1b
-
SHA256
ec25c6954d1942a38b93b3be3852ff0b9047a02ce10925439328e1e140f39df1
-
SHA512
610c8a853e7ae7af490bedd549667e655910139204c8d49e6e0f719812d67e6e74150ae7ee90c574cbcb69b02991e1fad8a5cccc35f50eeb72e0637436787afb
-
SSDEEP
12288:Phd/4NRod1S7X9ZjZpd1UAVYtbf8wCQqiA2fsXaTggvcsFt0sjVj:Pv/ORoPSXjx2AVYWsquf6xs7
Malware Config
Targets
-
-
Target
06763035d7e557f1bb5388b428338198_JaffaCakes118
-
Size
2.8MB
-
MD5
06763035d7e557f1bb5388b428338198
-
SHA1
264dfbea351977ad7e19a1f5b274046630147e1b
-
SHA256
ec25c6954d1942a38b93b3be3852ff0b9047a02ce10925439328e1e140f39df1
-
SHA512
610c8a853e7ae7af490bedd549667e655910139204c8d49e6e0f719812d67e6e74150ae7ee90c574cbcb69b02991e1fad8a5cccc35f50eeb72e0637436787afb
-
SSDEEP
12288:Phd/4NRod1S7X9ZjZpd1UAVYtbf8wCQqiA2fsXaTggvcsFt0sjVj:Pv/ORoPSXjx2AVYWsquf6xs7
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3