General

  • Target

    15624c78d9e25a17a66594c368bd504e_JaffaCakes118

  • Size

    100KB

  • Sample

    240627-kq7wlavgpk

  • MD5

    15624c78d9e25a17a66594c368bd504e

  • SHA1

    14f854c9f14fa34804dae0d3c97867a7274a1868

  • SHA256

    b6a511fe1c006c50da24cfe497f4de8feeaf611f17b059a9c11c2c8c2cc31fd8

  • SHA512

    23e94f7512a083d314f0c1eee00173ab15004796265926a70fa581d13fe7319e906bb05bd8e0aa97d4600dcebc2252b3602ed9a09ba51ec5dba3c2b341fddb82

  • SSDEEP

    3072:C697T77GgQlW9VPLic41MqlOSdEGQF2p7xLj5DXW:377SlWTLic41CH0715D

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      15624c78d9e25a17a66594c368bd504e_JaffaCakes118

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
