General

  • Target: JaffaCakes118_0c98d68730551466e56e5d737cf40eea
  • Size: 284KB
  • Sample: 250122-l1s1vs1jft
  • MD5: 0c98d68730551466e56e5d737cf40eea
  • SHA1: d2d2f1a22dc45d5c4fd770c0803d99552e21696c
  • SHA256: 2e9044960e212d7356fa16c3c9201c16038539de17a8d013fcd392fde5e3079d
  • SHA512: 9b62f9a642a2f1bec307dfd690f90219f94bd198a9949bdcbfaa0eb973991de62b8f065f29348d8b207f47f504a684df4cfb04d5fb6ca0fc116f986c666f9926
  • SSDEEP: 3072:ijw4Qta8jqyyAayG8RX3sa/b9cLMYCvr00uwsCvnRpPi9aDOkGuZ1awSDtTiHyUh:MaA85aShZWC8wnO9+OFO1gZTSyQZJ

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: mygrandpa123

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Hawkeye family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15