Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    419cdb25968484da3fd46924f237774d_JaffaCakes118

  • Size

    300KB

  • Sample

    241013-xzdqbsxhml

  • MD5

    419cdb25968484da3fd46924f237774d

  • SHA1

    3dce1a9445f491798a3a5d2a38d0f66e26b10844

  • SHA256

    2211891ff1d7341eeb54cda4e6a1ece31bc4eb9e09adc50a4f03d6a3c7d1053a

  • SHA512

    e70c18cf149dd6d1e4b0ee52e726e4d3d842c3569c91e3291bdbc5883c3d5afd70ecc2ea11826ab098abb90982024a44f71f4354b149e3efeb182b259a802ced

  • SSDEEP

    6144:7O/QJHZweEL/NOjCHm7FZZncoa77oNsKqqfPqOJ:78QpZsKCaioa/HKqoPqOJ

Malware Config

Targets

    • Target

      419cdb25968484da3fd46924f237774d_JaffaCakes118

    • Size

      300KB

    • MD5

      419cdb25968484da3fd46924f237774d

    • SHA1

      3dce1a9445f491798a3a5d2a38d0f66e26b10844

    • SHA256

      2211891ff1d7341eeb54cda4e6a1ece31bc4eb9e09adc50a4f03d6a3c7d1053a

    • SHA512

      e70c18cf149dd6d1e4b0ee52e726e4d3d842c3569c91e3291bdbc5883c3d5afd70ecc2ea11826ab098abb90982024a44f71f4354b149e3efeb182b259a802ced

    • SSDEEP

      6144:7O/QJHZweEL/NOjCHm7FZZncoa77oNsKqqfPqOJ:78QpZsKCaioa/HKqoPqOJ

    • Contacts a large (11438) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks