General
-
Target
cbbfe74029e6eb81ccc66d728428b328_JaffaCakes118
-
Size
596KB
-
Sample
241206-h9ecaawngt
-
MD5
cbbfe74029e6eb81ccc66d728428b328
-
SHA1
75ca75a839b5605286385329839d01986b11b19d
-
SHA256
e40c1359fa0e86c65f50363b88e29a7d4d24990195cc766273203c496393ebe4
-
SHA512
9a8e97265e9a777c8d5e7b9508c444b574a58dad184c6b008ecda3106926e9c0eed15d11c220282054d70d7a61afceb308c4d4c6ed611a0c0a516e5f4aef1c12
-
SSDEEP
12288:bGTJt5et/HePSr9fg/YiTRtILP8IQXbcZ9uDWUJLypTJ4JLvC5:mJfet/He6r9fUHmPpQAWSqkWLv
Static task
static1
Behavioral task
behavioral1
Sample
cbbfe74029e6eb81ccc66d728428b328_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
cryptbot
lysvay12.top
moroer01.top
-
payload_url
http://damuxa01.top/download.php?file=lv.exe
Targets
-
CryptBot payload
-
Cryptbot family
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-