General

  • Target: eb7ce4c94f8c940ff49610913a1d4122_JaffaCakes118
  • Size: 120KB
  • Sample: 240919-rdb2qasbpa
  • MD5: eb7ce4c94f8c940ff49610913a1d4122
  • SHA1: f44a8a7a103b4d2dec350a3802c0aa0d3c6bbe4b
  • SHA256: 05abd9736c6262d5f17972836dd4d23b1363375ca913567e957155f1b080a492
  • SHA512: fd4599b1aef47866a63ac964530c301f8a19e540e68e5b5cd6d2c00aef5204c602cff9b3314d467adfa7da08d10076984ac3766f695da21b0097fcb3c6d0dabb
  • SSDEEP: 1536:dQB7sFY1SSb5hK39c4vX5zPIwqvtEEXJzJY2+Sjlobod489isPr2tyK:dQB7Dk66BP0vKEXM2+Sjloboj9isTO

Malware Config

Extracted

  • Family: sality
  • C2:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif

Targets

    • Target: eb7ce4c94f8c940ff49610913a1d4122_JaffaCakes118

    • Modifies firewall policy service
    • Sality: Sality is a backdoor written in C++, first discovered in 2003.
    • UAC bypass
    • Windows security bypass
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Windows security modification
    • Checks whether UAC is enabled
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks