Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
711ae558d7286ad13644149159044dcc_JaffaCakes118
-
Size
408KB
-
Sample
240725-y7119ssfpm
-
MD5
711ae558d7286ad13644149159044dcc
-
SHA1
57810350fb7267b2870d8d4bdabfedf9710ca7e0
-
SHA256
eab1b6c30aad7cd1f0ffa2f5214f4f616c07276d18e917bed2f70b36a100864e
-
SHA512
37cc209630974a9005e4e49d2eb96170bcc935a2612d7d0a65fe99aed1870660fb855255bbde6a78c2f2064e4a5ad352f222fb570259362bf02faf8989ea655f
-
SSDEEP
6144:k+bELf/Mi/cWdi5pV/JNWOVhMtWk8mW4e5/K74cDtN3e:OdOpNX1hxmuyN3e
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
711ae558d7286ad13644149159044dcc_JaffaCakes118
-
Size
408KB
-
MD5
711ae558d7286ad13644149159044dcc
-
SHA1
57810350fb7267b2870d8d4bdabfedf9710ca7e0
-
SHA256
eab1b6c30aad7cd1f0ffa2f5214f4f616c07276d18e917bed2f70b36a100864e
-
SHA512
37cc209630974a9005e4e49d2eb96170bcc935a2612d7d0a65fe99aed1870660fb855255bbde6a78c2f2064e4a5ad352f222fb570259362bf02faf8989ea655f
-
SSDEEP
6144:k+bELf/Mi/cWdi5pV/JNWOVhMtWk8mW4e5/K74cDtN3e:OdOpNX1hxmuyN3e
Score10/10-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
5