General

  • Target

    JaffaCakes118_658468285074d4dba41a9d5598139610

  • Size

    630KB

  • Sample

    250102-q2aywswrfk

  • MD5

    658468285074d4dba41a9d5598139610

  • SHA1

    94164266a39d39126885b6ad2e7c8cb6619c6ecc

  • SHA256

    020b23f229e7f0d7dcaf21d106cb4848c15d88ad4c0eaef42dcab0ad9ddb620a

  • SHA512

    9c2e4120806b2efecf6a8fa30406b606ea1d3fe72a36a31f55780cbfb6b362a651f34985be7a9ea94d8c94567f1ce36a050f31e6455adc708161771c59651c4b

  • SSDEEP

    12288:Fo25X5l/zQerKrGE9VzGm/Ab0bWIspaUm5A2SKluFFS8h:K25X5ltGrGE94m7smBiF

Malware Config

Targets

    • Target

      JaffaCakes118_658468285074d4dba41a9d5598139610

    • Expiro family

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks