General

  • Target

    06763035d7e557f1bb5388b428338198_JaffaCakes118

  • Size

    2.8MB

  • Sample

    241001-tlajzayark

  • MD5

    06763035d7e557f1bb5388b428338198

  • SHA1

    264dfbea351977ad7e19a1f5b274046630147e1b

  • SHA256

    ec25c6954d1942a38b93b3be3852ff0b9047a02ce10925439328e1e140f39df1

  • SHA512

    610c8a853e7ae7af490bedd549667e655910139204c8d49e6e0f719812d67e6e74150ae7ee90c574cbcb69b02991e1fad8a5cccc35f50eeb72e0637436787afb

  • SSDEEP

    12288:Phd/4NRod1S7X9ZjZpd1UAVYtbf8wCQqiA2fsXaTggvcsFt0sjVj:Pv/ORoPSXjx2AVYWsquf6xs7

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks