General

  • Target

    a38ecda7984fa520004a08c13f39c895_JaffaCakes118

  • Size

    167KB

  • Sample

    240817-wlfgbs1hlm

  • MD5

    a38ecda7984fa520004a08c13f39c895

  • SHA1

    5c0c63381f04d1ff4293176391e4496fdedec73f

  • SHA256

    237e5c840e68f3988798e6a1d4c4dde36071ae2082b161d8be6a6c57a04197eb

  • SHA512

    ae4b8ef44b23925251601c6aed4551ff8039984a8a2f1a3b78787aff7f64a67085562e901423875c7bb3618b049c45cee583e9b06ef1748fec833caa54c52a42

  • SSDEEP

    3072:kONQKPWDyElReiJltZrpRcSRksRGRxQ/R56PeHA5zIuXWJxE:fNSDy6Rzthp/Vn56GHEzRExE

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      a38ecda7984fa520004a08c13f39c895_JaffaCakes118

    • Size

      167KB

    • MD5

      a38ecda7984fa520004a08c13f39c895

    • SHA1

      5c0c63381f04d1ff4293176391e4496fdedec73f

    • SHA256

      237e5c840e68f3988798e6a1d4c4dde36071ae2082b161d8be6a6c57a04197eb

    • SHA512

      ae4b8ef44b23925251601c6aed4551ff8039984a8a2f1a3b78787aff7f64a67085562e901423875c7bb3618b049c45cee583e9b06ef1748fec833caa54c52a42

    • SSDEEP

      3072:kONQKPWDyElReiJltZrpRcSRksRGRxQ/R56PeHA5zIuXWJxE:fNSDy6Rzthp/Vn56GHEzRExE

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks