General
-
Target
0c34cca4d5a99b903bce88ec2fa5f676_JaffaCakes118
-
Size
109KB
-
Sample
241002-yd7xqataqn
-
MD5
0c34cca4d5a99b903bce88ec2fa5f676
-
SHA1
955d6d3df4c042fbc930da1f216df1c4f885b22b
-
SHA256
d638284493dba5b3159aaddb4149858077a84123594178acf26108b88d018fa4
-
SHA512
534dfa7af4b405a71d71ab1b417528f0114ae33bd987772ed4bc1618f36ab0b04c0482180249ec3df99448273228577a063e8b49463658b0335ae6dd864a4587
-
SSDEEP
3072:6EJ45tmfQJ4GerCLsyjYR7NTiNodTmi9ureB6yclfn1:mmfCPY3iNodF9ureVw9
Static task
static1
Behavioral task
behavioral1
Sample
0c34cca4d5a99b903bce88ec2fa5f676_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
0c34cca4d5a99b903bce88ec2fa5f676_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://178.77.74.57:8080/ponyb/gate.php
http://v3cz.web2cio.com:8080/ponyb/gate.php
http://v3sk.web2cio.com:8080/ponyb/gate.php
http://217.198.116.126:8080/ponyb/gate.php
-
payload_url
http://download.ntb.de/jT48rXE.exe
http://xmk.karaoke-soft.com/Lz5.exe
http://sportservice-petzoldt.de/rHW.exe
Targets
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-