Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f71547636e241728e7236337554ee477_JaffaCakes118
-
Size
104KB
-
Sample
240925-3msllsthkm
-
MD5
f71547636e241728e7236337554ee477
-
SHA1
dd12abf9a07d7581675ec9bc95a72a0463850cee
-
SHA256
20bf9eefaa243d28369a9b0b7fa0af92c0b10d5189ae96a23be11cbb9ddd54b1
-
SHA512
23f99abf03e04e6afea0a009aed613dcfc8d0a8d878aa80b6f7a040df24005f31e98f9d2d6a595fc74605a19eeabe82088deca779f158fd7d557e82d5c107f90
-
SSDEEP
1536:FRL+W+1ccfGqQ5lNxb5VTMbaRw+xowtxBlkixID4WxK4zgeP:XLc1ccOnlNxbT4ba1x5txBPxID4WxKU
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
f71547636e241728e7236337554ee477_JaffaCakes118
-
Size
104KB
-
MD5
f71547636e241728e7236337554ee477
-
SHA1
dd12abf9a07d7581675ec9bc95a72a0463850cee
-
SHA256
20bf9eefaa243d28369a9b0b7fa0af92c0b10d5189ae96a23be11cbb9ddd54b1
-
SHA512
23f99abf03e04e6afea0a009aed613dcfc8d0a8d878aa80b6f7a040df24005f31e98f9d2d6a595fc74605a19eeabe82088deca779f158fd7d557e82d5c107f90
-
SSDEEP
1536:FRL+W+1ccfGqQ5lNxb5VTMbaRw+xowtxBlkixID4WxK4zgeP:XLc1ccOnlNxbT4ba1x5txBPxID4WxKU
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5