General

  • Target

    540b207df76a3bb1b7a89648a8eb8ee4_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241017-2dl7sszgqd

  • MD5

    540b207df76a3bb1b7a89648a8eb8ee4

  • SHA1

    5382bd353fb554b03402c7c44f60354f6a00c515

  • SHA256

    e8dab01f1dd1c9f73e5e51b0868420fd5a848ebaf72086b187b50b7128bd6a11

  • SHA512

    ccddcbe8c37e889f06539e474c4fc6fd747679a774d8625447884d4b83cc843d02a297df06e190ed3490cd37d12ce7eda0603a3506b251d39d1c3bddf7cfc6e1

  • SSDEEP

    49152:SG2M6/n24tu5PYM66TTRTTiTT9AlrlUDnl47Le96ETTTTjlMz:SnofJEiB2n2wCz

Targets

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover stored passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Accesses Microsoft Outlook accounts

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
