General
-
Target
8541c3e5a2fea353fab1657575993319_JaffaCakes118
-
Size
534KB
-
Sample
241102-nst93atamg
-
MD5
8541c3e5a2fea353fab1657575993319
-
SHA1
95383648af291e339dfa628a3950686e822e93d5
-
SHA256
4897564a8c3fd201eb272b044f8c17a2518e6cc10fa6d1bbff806b4f012805ec
-
SHA512
0ce82bf2397186e93d1f5f0f66576536dd66462d940b781a8e0f0e52041d3d3ca604dbfd15a3c4ee196780ecf23d9145edb997d9927a9f2261aaecb305ab7fe4
-
SSDEEP
12288:8urQ2eY45lYMxuqLOjy9lmbCKyBXUe7S/kVpprgPs:nGlY8xheO/ke7SaR
Static task
static1
Behavioral task
behavioral1
Sample
8541c3e5a2fea353fab1657575993319_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
gozi
-
build
215798
Targets
-
-
Target
8541c3e5a2fea353fab1657575993319_JaffaCakes118
-
Gozi family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-