General

  • Target

    ef0ceae5dca15c5c11cfe55a524e2020_JaffaCakes118

  • Size

    100KB

  • Sample

    240921-evzswsvclp

  • MD5

    ef0ceae5dca15c5c11cfe55a524e2020

  • SHA1

    152f461a64ebe14f9f30ee478e0935d37398e7cd

  • SHA256

    09b43620b42e4ca7ff7201f74a9894589d65f5e4dad457d4750ea9d162cee9c2

  • SHA512

    a73a54a22e949c5436bb01cb00b3f23a07c716ed2d7540194aeb41414588feac9ba1568cbb355173e866f71b04b80bfdaaf2527153a4923982f6bfcafe458054

  • SSDEEP

    3072:R60c5xHj+WfCwKGasFOsvV9RIzIGLzOLjxy:R6v5phqwKGasFBLRWDLzGjxy

Malware Config (extracted)

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

    http://www.klkjwre9fqwieluoi.info/

    http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.