General

  • Target

    JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf

  • Size

    7KB

  • Sample

    241224-lgwyeatqak

  • MD5

    2d279b1ff24694aedac0940f3e297a71

  • SHA1

    983522f60204a435e0b05ee93608303c177a296d

  • SHA256

    ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf

  • SHA512

    3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3

  • SSDEEP

    96:joRhn5eXGILYvLL8ervgBsM+PzzrDpoI1yF1dMFVBgDlBu3r77aC:UhnQlYvLL8e8GB9XN7BgHu37r

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/shikata_ga_nai

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    192.168.77.130:8080

Targets

    • Target

      JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf

    • Size

      7KB

    • MD5

      2d279b1ff24694aedac0940f3e297a71

    • SHA1

      983522f60204a435e0b05ee93608303c177a296d

    • SHA256

      ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf

    • SHA512

      3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3

    • SSDEEP

      96:joRhn5eXGILYvLL8ervgBsM+PzzrDpoI1yF1dMFVBgDlBu3r77aC:UhnQlYvLL8e8GB9XN7BgHu37r

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE
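Two static checks that follow from the extracted config and the MetaSploit signature above, added here as an example and not tria.ge's own extractor logic: a heuristic for the shikata_ga_nai GetPC stub (an FPU instruction followed by fnstenv [esp-0xC]), and a parser that recovers LHOST:LPORT from the two push immediates with which the stock x86 windows/reverse_tcp stager builds its sockaddr_in on the stack. The byte strings are constructed to exercise the patterns and are not the bytes of this sample; the regexes, function names and the prologue fragment are my assumptions about the stock stager layout, not something the report states.

```python
"""Static checks for an x86 Metasploit reverse_tcp stager (example code)."""
import re
import socket
import struct

# Heuristic for the shikata_ga_nai decoder stub: one of the fld* constant
# loads (d9 e8 .. d9 ee) immediately followed by fnstenv [esp-0xC]
# (d9 74 24 f4), the GetPC trick the encoder uses. This only flags the
# stub; it does not decode the payload.
SGN_GETPC = re.compile(rb"\xd9[\xe8-\xee]\xd9\x74\x24\xf4")

# Stock reverse_tcp stager, sockaddr_in construction:
#   push <ip4 bytes>            68 xx xx xx xx
#   push <AF_INET, port (BE)>   68 02 00 pp pp
#   mov  esi, esp               89 e6
REVERSE_TCP = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})\x89\xe6", re.DOTALL)

# Constructed inputs (not the sample's bytes). The decoded fragment uses
# the page's extracted C2 192.168.77.130:8080; the encoded head mimics an
# sgn stub: mov ebx, key; fldz; fnstenv [esp-0xC]; pop edx; sub ecx, ecx; mov cl, n.
SAMPLE_DECODED = (
    bytes.fromhex("fce8820000006089e531c0648b50308b520c8b5214")  # prologue-like bytes
    + b"\x90" * 8                                                 # filler
    + bytes.fromhex("68c0a84d826802001f9089e6")                   # push ip; push port; mov esi, esp
    + bytes.fromhex("6a10565768")                                 # push 0x10; push esi; push edi; push ...
)
SAMPLE_ENCODED_HEAD = bytes.fromhex("bbdeadbeefd9eed97424f45a29c9b11f")


def find_sgn_getpc(buf: bytes) -> list[int]:
    """Offsets of candidate shikata_ga_nai GetPC stubs in buf."""
    return [m.start() for m in SGN_GETPC.finditer(buf)]


def extract_reverse_tcp(buf: bytes) -> list[tuple[str, int]]:
    """(LHOST, LPORT) pairs recovered from the stack-built sockaddr_in."""
    found = []
    for m in REVERSE_TCP.finditer(buf):
        ip = socket.inet_ntoa(m.group(1))          # ip bytes are already in network order
        port = struct.unpack(">H", m.group(2))[0]  # port is pushed in network (big-endian) order
        found.append((ip, port))
    return found


def triage(buf: bytes) -> dict:
    """Summary a config extractor would emit for one buffer."""
    return {
        "sgn_stub_offsets": find_sgn_getpc(buf),
        "reverse_tcp_c2": [f"{ip}:{port}" for ip, port in extract_reverse_tcp(buf)],
    }


if __name__ == "__main__":
    print("encoded head:", triage(SAMPLE_ENCODED_HEAD))
    print("decoded body:", triage(SAMPLE_DECODED))
```

Run the C2 extractor on the buffer after the encoder layer has been stripped (a debugger dump or an emulator run past the decoder loop); on the still-encoded bytes only the GetPC heuristic fires, which is exactly the split between the two "Extracted" entries in the report.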

MITRE ATT&CK Enterprise v15

Tasks