General
-
Target
eccf8ac19437cab9813a7c3d4f433714_JaffaCakes118
-
Size
297KB
-
Sample
241213-1cw5yazrcl
-
MD5
eccf8ac19437cab9813a7c3d4f433714
-
SHA1
0fa355d8d2be7e78684bac697d71e27114ba96b1
-
SHA256
bd557f84277a8c9f4098474f8449c78ca3c5afa108215ae44fb61668b2c0cfba
-
SHA512
1165649f55f7e094803c95fc4eb518c176a9b8dd33c046166331d619ea30a7e50c85585ef3a5a723291caee487796a2f6b81e34cae0c69dc698cf7b688140d81
-
SSDEEP
6144:nbgMF6Phu8oFvYCUUG1mOvebfIL1h/bDg6EMGT63V9bBh:bgfuD7meTq1hDDZGm3Vbh
Static task
static1
Behavioral task
behavioral1
Sample
eccf8ac19437cab9813a7c3d4f433714_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
eccf8ac19437cab9813a7c3d4f433714_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1898788581:AAEbsCzTih-rxVDH11H9U8nZ_h_9VfJgvh4/sendDocument
Targets
-
Target
eccf8ac19437cab9813a7c3d4f433714_JaffaCakes118
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
AgentTesla payload
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-