General

  • Target

    JaffaCakes118_be5dfafefd95d218c56395ad8be4e984

  • Size

    436KB

  • Sample

    250208-dqb1latjdm

  • MD5

    be5dfafefd95d218c56395ad8be4e984

  • SHA1

    4d265baa69e0d5a3fa06bf3c5c26fa73e8d71889

  • SHA256

    401a6e01982720bc841e947833a9e7abaa5796406236047e9b3456cf9e840f53

  • SHA512

    8bb7bc3d9ba10d84a17fc52efe2d666eb531aa0c2a813de8b6363342e7f8c741b4f319ab3f036cbc82641c836b3e5d34be8d4ef3718748429136adaf39983498

  • SSDEEP

    12288:LkkZPCkiLG1yt0ZnHp+qYPCz64p7FIIhII:LkNLG1owpKPBW

Malware Config

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks