General

  • Target

    73e104bb4777b263515cb29cf710fcea_JaffaCakes118

  • Size

    144KB

  • Sample

    240726-npb93syeqh

  • MD5

    73e104bb4777b263515cb29cf710fcea

  • SHA1

    b75169b7cf85a436b694c7823c8484bb1aad1c70

  • SHA256

    d6fb7f44b80c842d2b615bd014e7462b340587f044a0f8dbb71a15f70e48b5e8

  • SHA512

    69409ed8c2b040427282a75870190d95ba069136d7a8dc789cd685a37b40f18bf95c296bb819ba0e48dc20caafff7640907ec2fad749a6cdae64b822b3f19bca

  • SSDEEP

    3072:cMCTOPydz6ikrKkQOB95UEWdxMpUv9AbHo1HH:kTOEOrV95pW4+v9Mop

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies WinLogon for persistence

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks