General
-
Target
2ab67006fad0b7b4e8fb6496e221a529_JaffaCakes118
-
Size
4.4MB
-
Sample
241009-eyaceazerf
-
MD5
2ab67006fad0b7b4e8fb6496e221a529
-
SHA1
47f849e72bd7d203755775eebef19e1efa71ee19
-
SHA256
5cb7dc8f48821f9e1f48c9d2d52f0f8e435c1286e5e0df3551f614deccdc47dc
-
SHA512
a6ed4b8ae46d5bfdc802054c8ca428500473d29a736e1277c9654c6dfa2ae481a9e5fe0c505e0be0beddc86f880d0212483014968f41e5d93c15190877b16452
-
SSDEEP
98304:HnGhGTPqSqfA0kWqa+5RmaH9ieepOs6435I58hsNcA5Pa:mBI02a+5gageepOs6435I58hS
Static task
static1
Behavioral task
behavioral1
Sample
2ab67006fad0b7b4e8fb6496e221a529_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
socelars
http://www.iyiqian.com/
http://www.xxhufdc.top/
http://www.uefhkice.xyz/
http://www.fcektsy.top/
Extracted
gcleaner
ggc-partners.in
Targets
-
Socelars payload
-
OnlyLogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops Chrome extension
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
-
Modify Registry (1)
-
Subvert Trust Controls (1)
-
Install Root Certificate (1)
Credential Access
-
Credentials from Password Stores (1)
-
Credentials from Web Browsers (1)
-
Unsecured Credentials (1)
-
Credentials In Files (1)