General

  • Target

    3e8ba128d482d62804dfe6043f5c3e20_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241013-h9bldsyhqp

  • MD5

    3e8ba128d482d62804dfe6043f5c3e20

  • SHA1

    5b32a32828a5e74f20bb584c86c1e2c6f9a078d6

  • SHA256

    6d0b1b4966e0fdd6789559dccc9e58705dec700a574123370d0d4c80392eedc7

  • SHA512

    e1aac6de99edd3bda1702e49820c7df65e69a0da09e6600a86eaddf4c0e725b1ef2af533671996cae912049b270672c13141571f7687a450898aa2647fe96485

  • SSDEEP

    24576:UQKUKub/0V6fr4k1EPhJ7HAjzVtNSxWkoXZo27Iw5l:3KUKubsO4cghONSxBqZo27Icl

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    haricerahku

Targets

    • Target

      3e8ba128d482d62804dfe6043f5c3e20_JaffaCakes118

    • Size

      1.1MB

    • MD5

      3e8ba128d482d62804dfe6043f5c3e20

    • SHA1

      5b32a32828a5e74f20bb584c86c1e2c6f9a078d6

    • SHA256

      6d0b1b4966e0fdd6789559dccc9e58705dec700a574123370d0d4c80392eedc7

    • SHA512

      e1aac6de99edd3bda1702e49820c7df65e69a0da09e6600a86eaddf4c0e725b1ef2af533671996cae912049b270672c13141571f7687a450898aa2647fe96485

    • SSDEEP

      24576:UQKUKub/0V6fr4k1EPhJ7HAjzVtNSxWkoXZo27Iw5l:3KUKubsO4cghONSxBqZo27Icl

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
