General
- Target: JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4
- Size: 408KB
- Sample: 250104-yd3m1awkdj
- MD5: 7b6e32355587a65ca9d434152ebd7ef4
- SHA1: 6ce649670be8e54ebaf3d018a030306e6bd8e070
- SHA256: d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37
- SHA512: d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c
- SSDEEP: 6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei
Static task
- static1
Behavioral task
- behavioral1: Sample JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4.exe, Resource win7-20241023-en
Behavioral task
- behavioral2: Sample JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4.exe, Resource win10v2004-20241007-en
Malware Config
Targets
- Target: JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4 (408KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- ISR Stealer: ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
- ISR Stealer payload
- Isrstealer family
- Detected Nirsoft tools: Free utilities, often used by attackers, that can steal passwords, product keys, etc.
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)