General

  • Target

    f61dded64ead4e3ae126f5480a792728_JaffaCakes118

  • Size

    332KB

  • Sample

    240417-s5qjvsfg6z

  • MD5

    f61dded64ead4e3ae126f5480a792728

  • SHA1

    698e7fdae1299240dd875621d9c256d6de297267

  • SHA256

    e84c043b4cc2703b8454cb1c5215d69a80dd7946bd049c50f5f9aaae3efef732

  • SHA512

    4a593da1cd155f39ae398e9433f40d603a320ba3fd0c6d49e492074d7a2402fc461495bb542f1d3d806f3178b1819660f68a64549f35c1024b86937963955fc6

  • SSDEEP

    6144:DEA4Py0l7xaYb4B4r5MxSflJyXarcK6b/3LUJCrazHpbktoBkcFmu3kU40eOZsXl:oAk17q6rCoZrq/oJAazH2IkcFmulpDZC

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      العنود.exe

    • Size

      358KB

    • MD5

      c78570e28d30ffef470f20d2d66362d5

    • SHA1

      22bda1764316906402c8acccee2c6fd329b7689e

    • SHA256

      1234966c7b51df3c087f85985d5c56b164a42b85afc8b1f99aa582d7589ef7b4

    • SHA512

      1acc68aef7abf443a92e562b6e09fa9f504f93f35f3caa07e25a42dd91d4698a6a6e533ca12254173addc1604b49b5ab8a933751a19054150a376b23789d7000

    • SSDEEP

      6144:Lj5KPoqWbAl8/f9XgnVW5GJZ2tNYLj8MfsxHi8msih0OSYkMRGL:3+xlqXwVzYKj86sxHtmsiSOSY5RGL

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks