Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
621e86e891e3b6779b45413476084881_JaffaCakes118
-
Size
167KB
-
Sample
240722-a7eahawcjl
-
MD5
621e86e891e3b6779b45413476084881
-
SHA1
663a7e19397200226722d8a8914b07a8b0ba36b1
-
SHA256
ccfee58863919bc41d59037fbef749efcbcb55a1df35b3d078c3abfe20e01fa9
-
SHA512
6d4204eab48b70454dd6f1524d40aff78468f367a70729d3fb2437cf950151b87d18e39b633e1e201763bbc02fb1bbefb30ad2e974297f097e958c0048dbf55e
-
SSDEEP
3072:B2NQKPWDypRepJltZrpRSfH1OhSZqPP7bK2GaMaPvZTcxfrJV+erI:QNSDypRothpQwSen9hTc9JV+j
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
621e86e891e3b6779b45413476084881_JaffaCakes118
-
Size
167KB
-
MD5
621e86e891e3b6779b45413476084881
-
SHA1
663a7e19397200226722d8a8914b07a8b0ba36b1
-
SHA256
ccfee58863919bc41d59037fbef749efcbcb55a1df35b3d078c3abfe20e01fa9
-
SHA512
6d4204eab48b70454dd6f1524d40aff78468f367a70729d3fb2437cf950151b87d18e39b633e1e201763bbc02fb1bbefb30ad2e974297f097e958c0048dbf55e
-
SSDEEP
3072:B2NQKPWDypRepJltZrpRSfH1OhSZqPP7bK2GaMaPvZTcxfrJV+erI:QNSDypRothpQwSen9hTc9JV+j
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1