General

  • Target: 962a41078971e7db867b7ffa95b2fe02_JaffaCakes118
  • Size: 177KB
  • Sample: 240814-p2agpaxfnm
  • MD5: 962a41078971e7db867b7ffa95b2fe02
  • SHA1: c25ecfd5476c096dc763f88982f64a9059ee5582
  • SHA256: 194b36a24f21ec5759a45487e14a7be58700bf9735eb5d65bd0d7e11981bd559
  • SHA512: 616d3914db35fc1af1eb69775140b4f077968378124e38a5bfba643122603796d5741408d76f77d778798451c6622d05f4879da07eadb45f7f6f2a850afefcb7
  • SSDEEP: 3072:8NQKPWDyYI0fFJltZrpReFX3OOJ4zJ+KpQ2VuwuRsbkb7M1ZmTt:8NSDyYIkFthpr24zJtq2Vu5RHb7M+R

Malware Config

Extracted

  • Family: sality
  • C2:
      http://89.119.67.154/testo5/
      http://kukutrustnet777.info/home.gif
      http://kukutrustnet888.info/home.gif
      http://kukutrustnet987.info/home.gif

Targets

    • Target: 962a41078971e7db867b7ffa95b2fe02_JaffaCakes118
    • Size: 177KB
    • MD5: 962a41078971e7db867b7ffa95b2fe02
    • SHA1: c25ecfd5476c096dc763f88982f64a9059ee5582
    • SHA256: 194b36a24f21ec5759a45487e14a7be58700bf9735eb5d65bd0d7e11981bd559
    • SHA512: 616d3914db35fc1af1eb69775140b4f077968378124e38a5bfba643122603796d5741408d76f77d778798451c6622d05f4879da07eadb45f7f6f2a850afefcb7
    • SSDEEP: 3072:8NQKPWDyYI0fFJltZrpReFX3OOJ4zJ+KpQ2VuwuRsbkb7M1ZmTt:8NSDyYIkFthpr24zJtq2Vu5RHb7M+R

    Signatures

    • Sality
      Sality is a backdoor written in C++, first discovered in 2003.
    • UAC bypass
    • Windows security bypass
    • Disables RegEdit via registry modification
    • Disables Task Manager via registry modification
    • Modifies Windows Firewall
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Windows security modification
    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks