Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_8829cb426dee54d1cf2339b8b21baad6
-
Size
1.0MB
-
Sample
250323-1j6yqazr15
-
MD5
8829cb426dee54d1cf2339b8b21baad6
-
SHA1
a611b6df88d336a954771a1e11d64804cbc7b462
-
SHA256
9c042c16846ff1758640e91f8330ade0ff9ecdb5986729fd4dbe2e675c60b0e8
-
SHA512
2e7aa42fc4dd705063cccf486aff793d24855fc4b6c98adcff3815201513a9cb906e3d9b6da240d035c6f6e030268c5d47da88d3cf595575d3b5438e20734a1d
-
SSDEEP
24576:5q1PfooX+m8nd/bIqwMgtZhp8D93K7XQJPN7q3gnL:IYdgvR/0RNCu
Malware Config
Targets
-
-
Target
JaffaCakes118_8829cb426dee54d1cf2339b8b21baad6
-
Size
1.0MB
-
MD5
8829cb426dee54d1cf2339b8b21baad6
-
SHA1
a611b6df88d336a954771a1e11d64804cbc7b462
-
SHA256
9c042c16846ff1758640e91f8330ade0ff9ecdb5986729fd4dbe2e675c60b0e8
-
SHA512
2e7aa42fc4dd705063cccf486aff793d24855fc4b6c98adcff3815201513a9cb906e3d9b6da240d035c6f6e030268c5d47da88d3cf595575d3b5438e20734a1d
-
SSDEEP
24576:5q1PfooX+m8nd/bIqwMgtZhp8D93K7XQJPN7q3gnL:IYdgvR/0RNCu
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Isrstealer family
-
Modifies firewall policy service
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
4Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2