General
-
Target
0e73a28ac29593cd3b0085af6282cfa9_JaffaCakes118
-
Size
99KB
-
Sample
241003-hnjd4szfnk
-
MD5
0e73a28ac29593cd3b0085af6282cfa9
-
SHA1
62c62e20c3d115f0a685b37e5f0ade49e85b824f
-
SHA256
9f66aee6217f6ed3af57c9ece4bc3cd322f2a287fbf874e456ef9679e4997160
-
SHA512
0d9ab89fd2777f88b0e4b965cd668a9e7174b6c274a7d330ce97609d031c7b4700d1f9cff70fb6fc689503604848950dfb6100c133454603473d2690791d33f6
-
SSDEEP
3072:h9yRanot7rcXB/SiSXi7JHmDR7IktENxgFV:jyRano1AEiSXiI7/ENO
Static task
static1
Behavioral task
behavioral1
Sample
0e73a28ac29593cd3b0085af6282cfa9_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0e73a28ac29593cd3b0085af6282cfa9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
-
-
Target
0e73a28ac29593cd3b0085af6282cfa9_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-