General

  • Target

    JaffaCakes118_0e92f0a27b341a253c42256efc823008

  • Size

    286KB

  • Sample

    250122-ryjx3asjaj

  • MD5

    0e92f0a27b341a253c42256efc823008

  • SHA1

    ca4fdc979c6fc15e7d8e6bbde51f1e0f60bffec6

  • SHA256

    e1ac65adf3f4cb7b490d1b384ecfb17f0c40506816c3ee667a3e93866e5e23f9

  • SHA512

    2ab2b1351d60bbe00f72641de95a930a1b7846892cc93ea3fcd11a64f2d20824f4b7c880d9ebfa613cf5efe2a37412212e3e32c7a681bd6d40b872bbc241d6f9

  • SSDEEP

    6144:OIEpvVLxqermfw0oHnKhKI+xA4Ah7lnjtNu+CTS15:OHvVLxXro5oFVxAdh71byO

Malware Config

Targets

    • Target

      JaffaCakes118_0e92f0a27b341a253c42256efc823008

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the loader can refuse to run in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
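The behaviour tags above are each derived from one or a few API calls seen in the sandbox. The following is an added example (my own code, not tria.ge's signature engine) that reproduces those tags over a small, constructed API-event trace. The event format, the registry key where the country code (GeoID) lives, and the ATT&CK mapping at the end are all my assumptions; the report's own ATT&CK section is empty.

```python
"""Re-derive the behaviour tags from this report over a constructed API trace.

Added example, not tria.ge code. Event fields (pid, api, args) are an assumed
sandbox-monitor shape; registry paths below are assumptions about where the
relevant values live on Windows.
"""

# Assumption: the user's country code (GeoID) is stored under this key.
GEO_KEY = r"\control panel\international\geo"
# Per-user Run key; RunOnce and the HKLM variant are deliberately left out.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
# EnableLUA under Policies\System is the UAC on/off flag.
UAC_KEY = r"\policies\system"

# Constructed trace, modelled on the tagged behaviours (not from the report).
SAMPLE_EVENTS = [
    {"pid": 1234, "api": "WriteFile", "args": {"path": r"C:\Users\Public\svc.exe"}},
    {"pid": 1234, "api": "WriteFile", "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"pid": 1234, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1234, "api": "RegQueryValueExW",
     "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
              "value": "EnableLUA"}},
    {"pid": 1234, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
              "value": "Updater", "data": r"C:\Users\Public\svc.exe"}},
    {"pid": 1234, "api": "CreateProcessW",
     "args": {"path": r"C:\Users\Public\svc.exe", "flags": "CREATE_SUSPENDED"}},
    {"pid": 1234, "api": "LoadLibraryW", "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 1300}},
    {"pid": 1234, "api": "ReadFile", "args": {"path": r"C:\Users\user\doc.txt"}},
    # Setting context on a thread in its own process is common and not flagged.
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 1234}},
]

# My mapping of tags to ATT&CK Enterprise technique IDs (not the report's).
ATTACK = {
    "Checks computer location settings": "T1614",
    "Checks whether UAC is enabled": "T1012",
    "Adds Run key to start application": "T1547.001",
    "Suspicious use of SetThreadContext": "T1055",
}


def _key(ev):
    return ev["args"].get("key", "").lower()


def _value(ev):
    return ev["args"].get("value", "").lower()


def _path(ev):
    return ev["args"].get("path", "").lower()


def tag_events(events):
    """Return {tag: [event indices]} for the behaviours listed in the report.

    "Dropped" means a PE path this trace wrote before executing or loading it,
    so the two dropped-file tags are stateful rather than single-call matches.
    """
    dropped = set()
    hits = {}

    def hit(tag, i):
        hits.setdefault(tag, []).append(i)

    for i, ev in enumerate(events):
        api = ev["api"]
        if api in ("WriteFile", "NtWriteFile") and _path(ev).endswith((".exe", ".dll")):
            dropped.add(_path(ev))
        if api.startswith("RegQueryValue") and GEO_KEY in _key(ev) and _value(ev) == "nation":
            hit("Checks computer location settings", i)
        if api.startswith("RegQueryValue") and UAC_KEY in _key(ev) and _value(ev) == "enablelua":
            hit("Checks whether UAC is enabled", i)
        if api.startswith("RegSetValue") and _key(ev).endswith(RUN_KEY):
            hit("Adds Run key to start application", i)
        if api in ("CreateProcessW", "CreateProcessA") and _path(ev) in dropped:
            hit("Executes dropped EXE", i)
        if api.startswith("LoadLibrary") and _path(ev) in dropped:
            hit("Loads dropped DLL", i)
        # Cross-process SetThreadContext (typically after CREATE_SUSPENDED) is
        # the hollowing / injection pattern; same-process use is ignored.
        if api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext") \
                and ev["args"].get("target_pid") != ev["pid"]:
            hit("Suspicious use of SetThreadContext", i)
    return hits


def attack_techniques(hits):
    """Sorted, de-duplicated technique IDs for the tags that have a mapping."""
    return sorted({ATTACK[t] for t in hits if t in ATTACK})


if __name__ == "__main__":
    for tag, idx in tag_events(SAMPLE_EVENTS).items():
        print(f"{tag}: events {idx}")
    print("ATT&CK:", attack_techniques(tag_events(SAMPLE_EVENTS)))
```

The point of carrying state for dropped files is that "Executes dropped EXE" and "Loads dropped DLL" only mean something when the write and the execution come from the same trace; a real sandbox keys this on the actual file write events rather than on the path suffix used here.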

MITRE ATT&CK Enterprise v15

Tasks