General

  • Target

    9468e72629e81b5f05e90202955e4930_JaffaCakes118

  • Size

    351KB

  • Sample

    240813-x4pcmawflp

  • MD5

    9468e72629e81b5f05e90202955e4930

  • SHA1

    7c5e246707670141e4687805fb857251488e2856

  • SHA256

    af99e4717c6c8d1740c3a8899379d46b516503aa03b8e5a2347c77534bf006d2

  • SHA512

    8e6b44cb5b080915e6f5b1ec7685f56a51ebb36b19f7c908a6c0a7517897640a793d8a301e7ee5d2fadee41e651279caa1406a9217fd60a82eafc9336de2af6d

  • SSDEEP

    3072:hoF3CkEnm23lSuURxK/paQFVCIyxZtIbLPISKaTMjD2B9r3nWGtot+OO2ETG/8dA:8IzSsMJPL8tnIFIJVSITSQS

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks