General

  • Target

    JaffaCakes118_620efd5bbd4b9775f3fcdd716f866330

  • Size

    536KB

  • Sample

    250102-cr94cazrbm

  • MD5

    620efd5bbd4b9775f3fcdd716f866330

  • SHA1

    32c6c2a9098a3458b30ba9b9afb7905a5a82a182

  • SHA256

    4b6aae8706e38f99b693eb04f2324431e0606a80fb5740bae2dbf2a57083f63f

  • SHA512

    3b8cc5c7397003c331941b34debdc2697a3973d3902007f712f5aea5c0127bde7fdb3bed4a51a49f1bdc024cf0bcf3fd4e7779ce7c5a9064832524e9ed067595

  • SSDEEP

    6144:81LbedrXB7DpNIV711Y3oiMxCZMMCSithEtU/VRl04yoAMKQUrM6w1OtnmJg6nYt:ULgrXtTs1+dYSBtOl92KEZmC6Sw9vub

Malware Config

Targets

    • Target

      JaffaCakes118_620efd5bbd4b9775f3fcdd716f866330

    • Expiro family

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in unsecured files on the system.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks