
General

  • Target

    77e11e9f67859c9edc9288a024e0aabc_JaffaCakes118

  • Size

    96KB

  • Sample

    240727-mmvszaxfkc

  • MD5

    77e11e9f67859c9edc9288a024e0aabc

  • SHA1

    762c6f40ae7e7f24da0f70cda2731f9d7bf5ab1b

  • SHA256

    3b5b5a3eecd5e6a791e78417da423813492855b8b9c1a8f1510f317aec2160fb

  • SHA512

    8550c80930f01ffee5598dccb25a48ab3866b23556e124ebbb5122e800d0eaf6d58087e0e0198ea8d84871bb0e9f69de079ed8c536db83b1801649f2b3dea5e2

  • SSDEEP

    3072:2D7c8rgevqta8pRJaBQjs6C9FgBTL4dota1EGWi:28Iqo8pPjTyqcEg

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      77e11e9f67859c9edc9288a024e0aabc_JaffaCakes118

    • Size

      96KB

    • MD5

      77e11e9f67859c9edc9288a024e0aabc

    • SHA1

      762c6f40ae7e7f24da0f70cda2731f9d7bf5ab1b

    • SHA256

      3b5b5a3eecd5e6a791e78417da423813492855b8b9c1a8f1510f317aec2160fb

    • SHA512

      8550c80930f01ffee5598dccb25a48ab3866b23556e124ebbb5122e800d0eaf6d58087e0e0198ea8d84871bb0e9f69de079ed8c536db83b1801649f2b3dea5e2

    • SSDEEP

      3072:2D7c8rgevqta8pRJaBQjs6C9FgBTL4dota1EGWi:28Iqo8pPjTyqcEg

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Windows security modification

    • Checks whether UAC is enabled
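
The RegEdit, Task Manager, UAC and Windows Firewall entries above all describe registry changes that can be confirmed on a suspect host from a `reg export` dump. The following is an added example (not part of the Triage report or of the Sality sample analysis) that parses a .reg text export and flags the well-known policy values behind those behaviours: DisableRegistryTools and DisableTaskMgr under the HKCU Policies\System key, EnableLUA under the HKLM Policies\System key, and EnableFirewall under the StandardProfile firewall key. The key paths and value names are the standard Windows locations chosen by the editor, not values named by the report, and REG_TEXT is constructed for the example rather than captured from the sample's run.

```python
"""Flag registry policy values that match the behaviours listed in the report.

Added example, not part of the Triage report. Key paths and value names are
the standard Windows locations (assumed to be what the report's indicators
refer to); REG_TEXT is constructed here and not taken from the sample.
"""
import re

POLICY_KEY_HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_KEY_HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
FIREWALL_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\StandardProfile")

# (key, value name) -> (benign setting, what a deviation means)
CHECKS = {
    (POLICY_KEY_HKCU, "DisableRegistryTools"): (0, "RegEdit disabled"),
    (POLICY_KEY_HKCU, "DisableTaskMgr"): (0, "Task Manager disabled"),
    (POLICY_KEY_HKLM, "EnableLUA"): (1, "UAC disabled"),
    (FIREWALL_KEY, "EnableFirewall"): (1, "Windows Firewall disabled"),
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed .reg export in the format `reg export` writes (value data shown
# as hex DWORDs); this is example input, not data from the analysed sample.
REG_TEXT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"""


def parse_reg_export(text: str) -> dict[tuple[str, str], int]:
    """Map (key path, value name) -> int for every REG_DWORD in a .reg dump.

    Keys and names are lower-cased because the registry is case-insensitive.
    Only dword values are collected; other types are ignored.
    """
    values: dict[tuple[str, str], int] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            continue
        val = _DWORD_RE.match(line)
        if val and current is not None:
            values[(current, val.group(1).lower())] = int(val.group(2), 16)
    return values


def find_tampering(values: dict[tuple[str, str], int]) -> list[str]:
    """Return one finding per checked value whose setting differs from the benign default."""
    findings = []
    for (key, name), (benign, meaning) in CHECKS.items():
        actual = values.get((key.lower(), name.lower()))
        if actual is not None and actual != benign:
            findings.append(f"{meaning}: {key}\\{name}={actual}")
    return findings


if __name__ == "__main__":
    for finding in find_tampering(parse_reg_export(REG_TEXT)):
        print(finding)
```

On a real host, `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System out.reg` produces this format, but writes it as UTF-16 with a byte-order mark, so read the file with `encoding="utf-16"` before passing it to `parse_reg_export`. Absence of a value is not evidence of a clean host: a missing DisableTaskMgr simply means the default (enabled) applies, which is why the check only reports values that are present and deviate.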
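
The "UPX packed file" rule above matches on artefacts the UPX packer leaves in the PE file. The following is an added example, written for this page and not code from Triage or the packer project, of how such a check is implemented: it walks the DOS header, PE signature, COFF header and section table, and flags section names UPX0..UPX3 or the "UPX!" pack-header marker that stock UPX writes shortly after the section table. The PE byte strings are constructed by `build_fake_pe` purely as parser input (they are header-only and not executable) and are not the analysed sample.

```python
"""Detect stock or lightly modified UPX packing from the PE section table.

Added example, not part of the Triage report. build_fake_pe() constructs
header-only PE images as test input; they are not the analysed sample.
"""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, raising ValueError if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, n_sections, _ts, _sym, _nsym, opt_size, _chars) = struct.unpack_from(
        "<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """True on UPX section names, or on the 'UPX!' marker in the header region.

    A modified UPX build that renames its sections but keeps the pack header
    still trips the second check; one that removes both is not caught here.
    """
    if any(name in UPX_SECTION_NAMES for name in pe_section_names(data)):
        return True
    return b"UPX!" in data[:4096]


def build_fake_pe(section_names: list[bytes], extra: bytes = b"") -> bytes:
    """Construct a minimal header-only PE32 image (example input, not runnable code)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    optional = b"\0" * 0xE0  # PE32 optional header size; contents are irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + extra


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_fake_pe([b".text", b".rdata", b".data"])
    print("packed:", pe_section_names(packed), is_upx_packed(packed))
    print("plain: ", pe_section_names(plain), is_upx_packed(plain))
```

To run it on a real file, pass `open(path, "rb").read()` to `is_upx_packed`. The section-name check is the same heuristic most sandbox rules use, which is also why it is weak on its own: renaming sections and stripping the marker is a trivial change to the packer source, so treat a hit as a reason to unpack and look further, and a miss as no evidence either way.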

MITRE ATT&CK Enterprise v15

Tasks