Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_05a8ec85e316c7a47e3b9d08a5422b54
-
Size
860KB
-
Sample
250219-qf4zva1ngw
-
MD5
05a8ec85e316c7a47e3b9d08a5422b54
-
SHA1
61323b743fa87da57a1c6de50223f5b75ee24bb6
-
SHA256
8073bf2582c3cc2256a6efddba9b0b3ca85229f431b979160c9803d7dbc6a81f
-
SHA512
f61cd6abe3b1027023790c5a844be76661a3c28851e3cb0bfac718394c880f2bf6d2e47e63cf91349a1cb1e053e804b77bb1f1fe3c44093e149161040d45c7af
-
SSDEEP
24576:k2kn++p4eaaUdM8eC1B2ncC+d1Jg/X/8af:LI++qeqdM8e58JQX/8
Malware Config
Targets
-
-
Target
JaffaCakes118_05a8ec85e316c7a47e3b9d08a5422b54
-
Size
860KB
-
MD5
05a8ec85e316c7a47e3b9d08a5422b54
-
SHA1
61323b743fa87da57a1c6de50223f5b75ee24bb6
-
SHA256
8073bf2582c3cc2256a6efddba9b0b3ca85229f431b979160c9803d7dbc6a81f
-
SHA512
f61cd6abe3b1027023790c5a844be76661a3c28851e3cb0bfac718394c880f2bf6d2e47e63cf91349a1cb1e053e804b77bb1f1fe3c44093e149161040d45c7af
-
SSDEEP
24576:k2kn++p4eaaUdM8eC1B2ncC+d1Jg/X/8af:LI++qeqdM8e58JQX/8
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2Virtualization/Sandbox Evasion
1