General

  • Target

    76612b5db3d14d3ed18b57609135eb55_JaffaCakes118

  • Size

    634KB

  • Sample

    241027-2xwwcavbqb

  • MD5

    76612b5db3d14d3ed18b57609135eb55

  • SHA1

    f51549310cfa4c9397648b06b79dac40fa77e216

  • SHA256

    32464249204fccaec35fd09941d5590b5187b1104083873b67d4792cd39ee3d6

  • SHA512

    14f3bfa1b5f82b3a32339adf44ed4caddbf35bc1b7f6de2da3bc981ea7668846c92c9711d478178a850f9e4785d28e03b2cf78ee0242a4186c3a9ca2f49e44b5

  • SSDEEP

    12288:RnIVuG4GjeZHkwuPikQ7lKH5p5H9x1MeZHkwuDifQJlKr5pgx+Td8zbB:RIwG4GjeZEXi37l6Br1MeZE7i4JlAIwO

Malware Config

Targets

    • Target

      76612b5db3d14d3ed18b57609135eb55_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10

    • Target

      ffMediaWatchV1home3090chaction.js

    • Size

      834B

    • MD5

      88effd84aea5ef2f4cf05da8959ef146

    • SHA1

      a8d0d2478e0633cb64a74914ab77d47a1706a0eb

    • SHA256

      5871af3c83824622952322929fe5fe85aef4038ce6860feb31cba7e3598f389f

    • SHA512

      0293701d01e8b2bd0ea591c4ec8fb477d55a02be11506e2a6f2f3fdff2e6057833e4084a7192ef777fa5a5a6896669a7583d36ddd04468576ce5cda6d7233ada

    Score: 3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3090.js

    • Size

      747B

    • MD5

      957e67f9cbadb5089a672b8a7a121676

    • SHA1

      24e048e3fbdd715cf1d744a3bcc89f0e74368682

    • SHA256

      89ee024cfbc07868da56ac99baf1e3fe40562e950a77034c5e98aa7a783df4f1

    • SHA512

      52b0498e2702e6cb94160c765806a799194cbc8bafc5553c8f46af078adb5e02d425aee635286fb643f2357e5e505e70e78624641edbe65916f93f5155449e37

    Score: 3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3090ffaction.js

    • Size

      678B

    • MD5

      e7e42749fa8a9f3724e9b726527f6493

    • SHA1

      749db7676c0e79f6122635ece90f9e55072be8ac

    • SHA256

      60dfcade850871d0d0919ecb49aa801a6c2cf2ecdbb48c66ae7b10cf52603433

    • SHA512

      1502b7023f948d5f7aed414645f5ad9c11246393da8ec232eb81c94e49eb1907c3e00ddbf5c11c8ba1921dd7647e33764188e1d5b11fb08cfe9eec61ebf453fc

    Score: 3/10

    • Target

      ie/MediaWatchV1home3090.dll

    • Size

      85KB

    • MD5

      ccf4a5e17d43613d18a425199655a3f8

    • SHA1

      577370da1c6da8baad131c077b44d235c7572609

    • SHA256

      f44942bc81276315bb8e08fdddeaa061b4f756c9cbbb9d6a44d5d36dd97df21a

    • SHA512

      fb919d6352c9eb7d77d35bdea211d6f5ea762b01d48809dd6593b0a1c9c7fa448ddf532bbbfc9b594519dbbd68015a8c4761816f8c4cf33729453d5f27fb7f40

    • SSDEEP

      1536:7MflScQkG04RvxtakrOb8DkxdzHgNglQaaP:klikG0EbakrOtzA+aaaP

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      4d0ef5c26791554cc7e4f6815d8465b6

    • SHA1

      c85ba0ac1efaad22cf022f124be4bff0a263f05d

    • SHA256

      0b4bf703b262a8aab56f7c0d480a8c7ea3c80ba6647baa2c8a0385e20ec54608

    • SHA512

      e5a33906de1e096c70a1ffce7932b48bc44cd4509e85a18c42460a27bca0ff40574123f3a7d8ad2d863e3656364b0808a9f91a87486bc53d9eec52123559d2ce

    • SSDEEP

      6144:Ee34SIpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1v:z0eZHkwuPikQ7lKH5p5H9x1v

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks