Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    df18462d6309efb5454fecdf3df709ce_JaffaCakes118

  • Size

    350KB

  • Sample

    240913-3jf4eaverk

  • MD5

    df18462d6309efb5454fecdf3df709ce

  • SHA1

    1caa5c2a2bcdc6b8282c971f197ff7df78352e11

  • SHA256

    2b47a07b4a577bb57598402cbb7adb06a2cfae0c6f2bb212d7c9957687fe0445

  • SHA512

    8466a90e49ea0e1916e493208aeb736bfd30e53908a63a9f54bb7ffdc6430abf4fb54ca901cade1893a3c3b243465378212d4d1e17fcb7e0ed3c626d884dc6d6

  • SSDEEP

    6144:hqs/AV1rl6ahtdKGFXnxdS8NnaopyJLn1KT2z99X5kdT8Z0BwG9bM6Zyj:hbS6qtEGFXxHaopwtEwWbvZyj

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      df18462d6309efb5454fecdf3df709ce_JaffaCakes118

    • Size

      350KB

    • MD5

      df18462d6309efb5454fecdf3df709ce

    • SHA1

      1caa5c2a2bcdc6b8282c971f197ff7df78352e11

    • SHA256

      2b47a07b4a577bb57598402cbb7adb06a2cfae0c6f2bb212d7c9957687fe0445

    • SHA512

      8466a90e49ea0e1916e493208aeb736bfd30e53908a63a9f54bb7ffdc6430abf4fb54ca901cade1893a3c3b243465378212d4d1e17fcb7e0ed3c626d884dc6d6

    • SSDEEP

      6144:hqs/AV1rl6ahtdKGFXnxdS8NnaopyJLn1KT2z99X5kdT8Z0BwG9bM6Zyj:hbS6qtEGFXxHaopwtEwWbvZyj

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks