General

  • Target

    JaffaCakes118_bf9fc4d9b8d9461e59169444664ce1c6

  • Size

    170KB

  • Sample

    250208-gd82cayld1

  • MD5

    bf9fc4d9b8d9461e59169444664ce1c6

  • SHA1

    c5853e8e7e8f8f6990ff69879120d8d15e557f0d

  • SHA256

    13ea24659f5571b5097bcf2fa07464a18dde7e9e2746a6c3139179a8c8d4b084

  • SHA512

    9bbf9811bf1cf9eef1a91eeb0127864a9939c9e183d701c95b993a3db80aa0e703087ba2b9ce5f139990c6d7a90fc02941fbd215340e1225a8f9214d2a9007c8

  • SSDEEP

    1536:JxqjQ+P04wsmJC2Vloa2rYsbDvZO/U+SeOw6nXD1GYv+8VLpsGS1GYv+8VLpsGD:sr85CF5vZOM+SexGvRLGtvRLGu

Targets

    • Target

      JaffaCakes118_bf9fc4d9b8d9461e59169444664ce1c6

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
