Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...f4.exe

windows7-x64

10

JaffaCakes...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4

  • Size

    408KB

  • Sample

    250104-yd3m1awkdj

  • MD5

    7b6e32355587a65ca9d434152ebd7ef4

  • SHA1

    6ce649670be8e54ebaf3d018a030306e6bd8e070

  • SHA256

    d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37

  • SHA512

    d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c

  • SSDEEP

    6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei

Score
10/10
isrstealerdiscoverypersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4

    • Size

      408KB

    • MD5

      7b6e32355587a65ca9d434152ebd7ef4

    • SHA1

      6ce649670be8e54ebaf3d018a030306e6bd8e070

    • SHA256

      d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37

    • SHA512

      d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c

    • SSDEEP

      6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei

    Score
    10/10
    isrstealerdiscoverypersistencespywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • Isrstealer family

      isrstealer

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks