General
Target: 1dbf99bb878f7cad04ba363045556071_JaffaCakes118
Size: 146KB
Sample: 241007-q1fgzssamf
MD5: 1dbf99bb878f7cad04ba363045556071
SHA1: 0508e0920f58b8f625c8320c37a55865cc5bbd83
SHA256: 57f192912a082c6e1050024c27208e34e3f0b1ab9260ccceb27d6801b86a4956
SHA512: 0291b044599fa1541ffdeb373f1599eec891a3025480f49a20df91b4d4f1100d6cf1792badbeac41aeea8c917de1f56d6879e0789928e14215404dc447542252
SSDEEP: 3072:WAsj8MBX8s0oXJi45DgoHh8Z6W9MNiAjlUByUyDKQlF1RkD37977:WAsBZM43Hh8QWNGKQlF1RkH977
Static task
static1

Behavioral tasks
behavioral1
  Sample: 1dbf99bb878f7cad04ba363045556071_JaffaCakes118.exe
  Resource: win7-20240903-en
behavioral2
  Sample: 1dbf99bb878f7cad04ba363045556071_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240704-en
behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20241007-en
behavioral5
  Sample: jailer.dll
  Resource: win7-20240704-en
behavioral6
  Sample: jailer.dll
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: netwire
C2: 6138.thruhere.net:6138
activex_autorun: false
copy_executable: true
delete_original: false
host_id: 03
install_path: %AppData%\Skype\Skype.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: jwVDeYBU
offline_keylogger: true
password: zaq12wsxZ
registry_autorun: true
startup_name: Skypeupdates
use_mutex: true
Targets

Target: 1dbf99bb878f7cad04ba363045556071_JaffaCakes118
Size: 146KB
MD5: 1dbf99bb878f7cad04ba363045556071
SHA1: 0508e0920f58b8f625c8320c37a55865cc5bbd83
SHA256: 57f192912a082c6e1050024c27208e34e3f0b1ab9260ccceb27d6801b86a4956
SHA512: 0291b044599fa1541ffdeb373f1599eec891a3025480f49a20df91b4d4f1100d6cf1792badbeac41aeea8c917de1f56d6879e0789928e14215404dc447542252
SSDEEP: 3072:WAsj8MBX8s0oXJi45DgoHh8Z6W9MNiAjlUByUyDKQlF1RkD37977:WAsBZM43Hh8QWNGKQlF1RkH977
Signatures:
- NetWire RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 883eff06ac96966270731e4e22817e11
SHA1: 523c87c98236cbc04430e87ec19b977595092ac8
SHA256: 44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
SHA512: 60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
SSDEEP: 96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score: 3/10

Target: jailer.dll
Size: 68KB
MD5: b27418eaf58dd7af2a04e79396069737
SHA1: b2d50a8699a34ec2af3a08be4b9a00fd8c7a5985
SHA256: a1b7d3a3c2038d13e8b1b338c1027352133c8b77e0337c50d5852d4a4b310210
SHA512: 0fa8757f6c67690f23574208db548705da23f0c7a8b5aa038876495d98748a046ca84486ae5900b8052ef2ca735ab4b9f6529c6e05a390cec8dd2c897f1bba6d
SSDEEP: 768:9A5HHymr9ogwwOFpsmdh6PXhBUr92ff+JupEo+FKdmcNiHdVtLsU:9A5yQo5wsbdhQxmvho+USbtLsU
Score: 3/10