General

  • Target: 431d52eecffee9238010f5479a45da01_JaffaCakes118
  • Size: 1.7MB
  • Sample: 241014-t1msvaydkp
  • MD5: 431d52eecffee9238010f5479a45da01
  • SHA1: 5fd9ed8d94df62381dd76077fade0f201490387b
  • SHA256: dd7cbd59edd300dae05075e96dadc574728ce900bda00ce0131ab7bff4117a38
  • SHA512: 09a9d4a8886d135a320132d090115e48f5060bac53210e4f327102ba6564c45e92f5aacb976fc685b67e2c76249b639f5dece3076d9e8d58de5e1264a5eecda3
  • SSDEEP: 49152:/I0Dszc4WyPoBJFEswLXDnZh/klmMoXLuejK:/hszGJF76T//klA79jK

Targets

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
