General

  • Target

    cfc25902697dc254bd83fc9c75722270_JaffaCakes118

  • Size

    167KB

  • Sample

    241207-amvrravrhx

  • MD5

    cfc25902697dc254bd83fc9c75722270

  • SHA1

    9a7657ad5c6d4b8d4e8f8b33d0532906af23325c

  • SHA256

    4ad406b6e4bb89e3f8e3778aac25abd6ba02330480aa5769d689c87737083f71

  • SHA512

    b2294cc83c6d06f10a431678e72d32201be5bbc970473ab6afb6f7e2b5fec4b594d840500764a73556286aabd18ec37076ddba99ab634ab4efedcc94fadb78db

  • SSDEEP

    3072:neva8lOsLXBuwOJKPy9tknHrtU5pT5lEauFOc6AqauLyRK5PKGVB4MzeL:Sll2kHrtWPEhOcVRo

Targets

    • Target

      cfc25902697dc254bd83fc9c75722270_JaffaCakes118

    • Size

      167KB

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Tinba family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
