Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

JaffaCakes...d6.exe

windows7-x64

7

JaffaCakes...d6.exe

windows10-2004-x64

7

$APPDATA/M...ild.sh

ubuntu-18.04-amd64

3

$APPDATA/M...ild.sh

debian-9-armhf

3

$APPDATA/M...ild.sh

debian-9-mips

3

$APPDATA/M...ild.sh

debian-9-mipsel

3

$APPDATA/M...ild.sh

ubuntu-18.04-amd64

$APPDATA/M...ild.sh

debian-9-armhf

$APPDATA/M...ild.sh

debian-9-mips

$APPDATA/M...ild.sh

debian-9-mipsel

$APPDATA/M...lid.js

windows7-x64

3

$APPDATA/M...lid.js

windows10-2004-x64

3

$APPDATA/M...lay.js

windows7-x64

3

$APPDATA/M...lay.js

windows10-2004-x64

3

$APPDATA/M...oad.js

windows7-x64

3

$APPDATA/M...oad.js

windows10-2004-x64

3

$APPDATA/M...oad.js

windows7-x64

3

$APPDATA/M...oad.js

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/fct.dll

windows7-x64

3

$PLUGINSDIR/fct.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

VFDInstall.exe

windows7-x64

6

VFDInstall.exe

windows10-2004-x64

6

bho_project.dll

windows7-x64

6

bho_project.dll

windows10-2004-x64

6

chromeaddo...ded.js

windows7-x64

3

chromeaddo...ded.js

windows10-2004-x64

3

chromeaddo...d.html

windows7-x64

3

chromeaddo...d.html

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_2793cb025fbd21dbfb9baa7d31639cd6

  • Size

    159KB

  • Sample

    250125-dejlasskhs

  • MD5

    2793cb025fbd21dbfb9baa7d31639cd6

  • SHA1

    891cd7b11e19c6ba57ef1a00a9bcc13808b09484

  • SHA256

    754e73d783386a99ea36946cb578d34abe841adb9e32c0471711006d3ffeb61b

  • SHA512

    a09907ff9021e27b7217237e9d2350fe4d89b3e010d410ff7cf7bd58d030f89a4c61d2070b38b9ed55431177e2937334fa318b933591277557952c487c607272

  • SSDEEP

    3072:3Lk395hYXJ1ZfFsuGC5w9RinLEKMWhhXKQMN6PPmlAMosBNI:3QqjZuu/5wTso/UNKQMNQmSMHM

Score
7/10
adwarediscoveryexecutionlinuxspywarestealer

Malware Config

Targets

    • Target

      JaffaCakes118_2793cb025fbd21dbfb9baa7d31639cd6

    • Size

      159KB

    • MD5

      2793cb025fbd21dbfb9baa7d31639cd6

    • SHA1

      891cd7b11e19c6ba57ef1a00a9bcc13808b09484

    • SHA256

      754e73d783386a99ea36946cb578d34abe841adb9e32c0471711006d3ffeb61b

    • SHA512

      a09907ff9021e27b7217237e9d2350fe4d89b3e010d410ff7cf7bd58d030f89a4c61d2070b38b9ed55431177e2937334fa318b933591277557952c487c607272

    • SSDEEP

      3072:3Lk395hYXJ1ZfFsuGC5w9RinLEKMWhhXKQMN6PPmlAMosBNI:3QqjZuu/5wTso/UNKQMNQmSMHM

    Score
    7/10
    adwarediscoveryspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1behavioral2

    • Target

      $APPDATA/Mozilla/Firefox/$R0/extensions/[email protected]/build.sh

    • Size

      3KB

    • MD5

      eece87baf1509ffc027d6b22b7683955

    • SHA1

      d4a03766203c775b71eeaedc423d7920c1019f3c

    • SHA256

      c4f9c723000a08c87859623c0a11022472bfd4b8758c7530778b50bc549c1618

    • SHA512

      882e3acc7bffc4f09b7ad223b0839560e070a04467b78fb279da8e5ee72a8fa1fbd65da1bdeec4d56576232f5b50a6124c485d017c7e129283deb6edaa457319

    Score
    3/10
    discovery
    behavioral3behavioral4behavioral5behavioral6

    • Target

      $APPDATA/Mozilla/Firefox/$R0/extensions/[email protected]/config_build.sh

    • Size

      178B

    • MD5

      7c632a564348fc87aee8138019d0fde0

    • SHA1

      490bb35a02e37111e62733b7d644a26c57842491

    • SHA256

      226b47aa96f6979c755f6d9d27d3258f10a6b74a7a6087f50203de7581e03229

    • SHA512

      a5db2ee6c6f09b437562fb3cc64f5de3cec34fa8925bb16efef2eb41c82ddbb24bc281b9565b30168ed57e2b70737d1479a27df6e83248ba937c400b81290ec7

    Score
    1/10
    behavioral10behavioral7behavioral8behavioral9

    • Target

      $APPDATA/Mozilla/Firefox/$R0/extensions/[email protected]/content/installid.js

    • Size

      217B

    • MD5

      b8b91a4970839c300a48d933527212f6

    • SHA1

      58fc3b8bfa80e99adea483b9860f24dce1e3c81f

    • SHA256

      8287eb661753f3c2602dc3dda8973727cf1c00e2d193ae0829ead7bee3011f35

    • SHA512

      a72f32a54e733c1c10fb3b1762c9a84c8b84a976c1bde8d4d764a73cdc9733961f923c83473599b6315b462f943f4ddaf03104e332e5d99429123cdb75be505d

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      $APPDATA/Mozilla/Firefox/$R0/extensions/[email protected]/content/overlay.js

    • Size

      309B

    • MD5

      736c4e05b326e15dd6e496b8ed2af8c6

    • SHA1

      a7f2862e47619a0ba8c1e0285c3f2dccae3683b6

    • SHA256

      1fac0ed464192eaf5cf34d34b7aa6bdd40bfcaface36a11919c5fd5da033e9fd

    • SHA512

      470002faa5bdee3b3c3955d8023f709f5e56a7e8db061c127a4f7f73527b03fe20fac4832d8fbd186178856a0e53e4f131de08cece7a22f992c3f663bc035115

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      $APPDATA/Mozilla/Firefox/$R0/extensions/[email protected]/content/vfdownload.js

    • Size

      3KB

    • MD5

      387f2492fab6a6c0aa413a7bdcde3ea6

    • SHA1

      077ffb3817ec63f0b29200c76c43ddee3d13a590

    • SHA256

      ab80de3ecec5f0ebe7d90d2ca9d2b3fc58ae94c3bafb61e011e6b7131acbc8de

    • SHA512

      d2740e0955c1ba21fdf2424c07887c8943854a61e148c97ad9cfd165e35297e88930b908b10246731b5fd45e30a167c4c9c0a9949a134da576b5a9a72c8f231a

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      $APPDATA/Mozilla/Firefox/$R0/extensions/[email protected]/defaults/preferences/vfdownload.js

    • Size

      426B

    • MD5

      c6720630e48853366fc0f73610619357

    • SHA1

      b82c8b0e6673fc8248f9cd0a93c4c0f9111e8b9d

    • SHA256

      02ba5dfc4f06b1fcde1d34dec1c0899489cc27f14e7692db99fd621b8c48f8a2

    • SHA512

      54d41302833dc9455095e643f367460856838c4a8833825772c3dc432eeffec94563aa40725e48d6116967b8f441d4801681a6b45a373e897d6c945735c2afff

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/fct.dll

    • Size

      4KB

    • MD5

      e3f3809f51c7982d96aaf9c090f7d176

    • SHA1

      7494daa8000c0b31c58d94edc509232569a4606f

    • SHA256

      010f5e0c69b4a630b08b2551e03d8044a33350f151848dcf50953407012fab29

    • SHA512

      3fca284e384abc95201dc73f19bd9d75413e8890e819967070b9d9991115be2a8c17e07bd1aaaffcbc770b393bf9a2af253100ac4d9efba8d21110bac97737fc

    • SSDEEP

      48:qlQOVagyAU3gJS+Tgc43uiu7Dh/gdp/gRfykVwv+:qa33gJS+ccQuiuJE/kyku

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      e541458cfe66ef95ffbea40eaaa07289

    • SHA1

      caec1233f841ee72004231a3027b13cdeb13274c

    • SHA256

      3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

    • SHA512

      0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

    • SSDEEP

      384:b1JO6XgZkjxm+NpXaWgzxUX//EUhU7ya4LQ0Ac9khYLMkIX0+GBty3Sm0:b+6Xgsm+NpKWgzxUXnEUhUua4Li70

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      VFDInstall.exe

    • Size

      54KB

    • MD5

      bbd5a872f7f1fba57f190708ac817717

    • SHA1

      042b1363929b4bc46bc8bc31c1d64335c0c8209d

    • SHA256

      5473931a9d66c7ef9a908956b9e41ea2a04acda2d1f5d9866042662f4b3c0e88

    • SHA512

      cf86aa506b3cdafd0f9ec83a1171ba23c4a1820bd1d6427b5ebf479e927a8a23979f14ce0ebbec681ee2d1034139df713d4bf6ee28bcffd79cdb49b8f9b5b612

    • SSDEEP

      1536:3LXB65939tY6HBg4sXJZZD5oMS/sRmxz/CXSFCt:3Lk395hYXJZZfFsuGCt

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral25behavioral26

    • Target

      bho_project.dll

    • Size

      90KB

    • MD5

      3d460002229cadb478000e336ed844c1

    • SHA1

      7053f2dd4e3873dde9b082e577556101bb24773f

    • SHA256

      2efbd2f8f49f059127d69d8437e1937ec4c378705a74c1462f853347739c7c83

    • SHA512

      1536fbc20805ee07f7a84d26614fca3df94593cf279e59e7afdca68cb2d1c8df3f35d7dbc2ccf6f833ab6dfd94126a2aa4a3eaabbc705b1bc3a2104f8d7eaa97

    • SSDEEP

      1536:vz+PSmHiTBjElgMfpA/39txZwk8oSL5HJ/QlyGqW:viPSiiuKMfpC39juoi5HJ/Ql6W

    Score
    6/10
    adwarediscoverystealer

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral27behavioral28

    • Target

      chromeaddon/._included.js

    • Size

      4KB

    • MD5

      b3f761b08ceb628bc493a7eb49ed0185

    • SHA1

      dcb64be413c76b99bfc9f122e4d5ab6086b84319

    • SHA256

      32d74aa7c996781c1fd0b57d287ae41ff200f26a91ba4b815829fd6739e9b2bd

    • SHA512

      ea0280e9c702a60b747e63afdc7ef3b725c4f8f6e29b311eba78e7e8e924a1b77b709285c2ab639df5a426df793db70f961d316f8201d75a56b80a9518e0eb89

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      chromeaddon/background.html

    • Size

      1KB

    • MD5

      0c22935b95054ed5aa7f5a5cfc979f02

    • SHA1

      34d981eb26c3233dab68b931e034f8d25cec843b

    • SHA256

      c42db3730e4c4a839d32ab92293376e428212a6af99f338938867284eca3d495

    • SHA512

      96f024eeb045796f13a7a5dd9e6e1cf0a3a29141f2d411797d0146c70c5acb92b95bfa5c61c727a096e111fb2786427d61bbca4c24b2edff686f24c0254ee59d

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adwarediscoveryspywarestealer
Score
7/10

behavioral2

adwarediscoveryspywarestealer
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

adwarediscoverystealer
Score
6/10

behavioral26

adwarediscoverystealer
Score
6/10

behavioral27

adwarediscoverystealer
Score
6/10

behavioral28

adwarediscoverystealer
Score
6/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10