General

  • Target

    8730122dd25c422d6ef99def0f5215d3_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240810-w7cbsswdng

  • MD5

    8730122dd25c422d6ef99def0f5215d3

  • SHA1

    ce9fba33ecb7c13718bbc1403761374f21c086a3

  • SHA256

    2c8899c50ebb0f08ec1aa6ade80b926955bc212f67aa37757b1135783f2b5924

  • SHA512

    0389bf362b5db1069f29af1065b420130dc4c7a5581dba8646f77adc0e3394c3587236be5d5a6e09c4cd78fc699adde16692ff6b942de5db20f018f0a07225e3

  • SSDEEP

    49152:rWh/zlgTf98c547VS3ltuUf/L+TjdbHdw7hzvCEBeNiUUUML9BO84MiAi/YCsm+m:riq18cW7VS3WKcRHdw7hzvCEBeNiUUU7

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Windows security modification

    • Checks whether UAC is enabled
