Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    711ae558d7286ad13644149159044dcc_JaffaCakes118

  • Size

    408KB

  • Sample

    240725-y7119ssfpm

  • MD5

    711ae558d7286ad13644149159044dcc

  • SHA1

    57810350fb7267b2870d8d4bdabfedf9710ca7e0

  • SHA256

    eab1b6c30aad7cd1f0ffa2f5214f4f616c07276d18e917bed2f70b36a100864e

  • SHA512

    37cc209630974a9005e4e49d2eb96170bcc935a2612d7d0a65fe99aed1870660fb855255bbde6a78c2f2064e4a5ad352f222fb570259362bf02faf8989ea655f

  • SSDEEP

    6144:k+bELf/Mi/cWdi5pV/JNWOVhMtWk8mW4e5/K74cDtN3e:OdOpNX1hxmuyN3e

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      711ae558d7286ad13644149159044dcc_JaffaCakes118

    • Size

      408KB

    • MD5

      711ae558d7286ad13644149159044dcc

    • SHA1

      57810350fb7267b2870d8d4bdabfedf9710ca7e0

    • SHA256

      eab1b6c30aad7cd1f0ffa2f5214f4f616c07276d18e917bed2f70b36a100864e

    • SHA512

      37cc209630974a9005e4e49d2eb96170bcc935a2612d7d0a65fe99aed1870660fb855255bbde6a78c2f2064e4a5ad352f222fb570259362bf02faf8989ea655f

    • SSDEEP

      6144:k+bELf/Mi/cWdi5pV/JNWOVhMtWk8mW4e5/K74cDtN3e:OdOpNX1hxmuyN3e

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks