General

  • Target

    JaffaCakes118_bcea65735d99c38cb0b5e6493f40c53b

  • Size

    433KB

  • Sample

    250208-af279avmc1

  • MD5

    bcea65735d99c38cb0b5e6493f40c53b

  • SHA1

    02ab575ea1a70713622eaefb779a6bd4ab917ea8

  • SHA256

    4e0f9e6733c4271fc053074990f397d2adafc7ea6960a3272e45f08fbac51b9d

  • SHA512

    12f3254746f1c1f3a7a6508ddaa3c41e8178d0626872db044902658eacc024c3ce19ce846d064c0f8ed64e8a4f3c6b79556a837ee0f1962060c4a852487d6950

  • SSDEEP

    6144:QpC2F8NXC796TB9vj480ifEEdq3hohwTiUCDzHO3tIuNlUpEf0:QTeVQkTrvj41GdqRl2UC3HO9FNlUis

Targets

    • Target

      JaffaCakes118_bcea65735d99c38cb0b5e6493f40c53b

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
