Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    JaffaCakes118_050b521b536ba6e1f628ee71bea4697a

  • Size

    196KB

  • Sample

    241231-fbmvnavmfj

  • MD5

    050b521b536ba6e1f628ee71bea4697a

  • SHA1

    da211089bb0334f49590cd971705bda717790bfe

  • SHA256

    3ff38f79a7c966a4f67f9892a22bb46c1f814f04b1c2a70ddcdd1a8316ce543b

  • SHA512

    ff3605a408548966dad9b9522fc0418b5d583d9e2589e8b1499101f7a1ce6f86f93a37874301132ffdef5b48bd70c851cc15834a2906a8c72d3b0e3d6d8182d1

  • SSDEEP

    3072:Iwf0JXVvsbotwD/M1fg4kTuXMmLMf6nvlEh0P8s:IOudCQDOn8vlaI8s

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      JaffaCakes118_050b521b536ba6e1f628ee71bea4697a

    • Size

      196KB

    • MD5

      050b521b536ba6e1f628ee71bea4697a

    • SHA1

      da211089bb0334f49590cd971705bda717790bfe

    • SHA256

      3ff38f79a7c966a4f67f9892a22bb46c1f814f04b1c2a70ddcdd1a8316ce543b

    • SHA512

      ff3605a408548966dad9b9522fc0418b5d583d9e2589e8b1499101f7a1ce6f86f93a37874301132ffdef5b48bd70c851cc15834a2906a8c72d3b0e3d6d8182d1

    • SSDEEP

      3072:Iwf0JXVvsbotwD/M1fg4kTuXMmLMf6nvlEh0P8s:IOudCQDOn8vlaI8s

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks