General

  • Target

    JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4

  • Size

    408KB

  • Sample

    250104-yd3m1awkdj

  • MD5

    7b6e32355587a65ca9d434152ebd7ef4

  • SHA1

    6ce649670be8e54ebaf3d018a030306e6bd8e070

  • SHA256

    d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37

  • SHA512

    d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c

  • SSDEEP

    6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Isrstealer family

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks