General

  • Target

    JaffaCakes118_089231da55558143f40d2ec81724cf24

  • Size

    216KB

  • Sample

    241231-g6zndaskgv

  • MD5

    089231da55558143f40d2ec81724cf24

  • SHA1

    af04a4734b32ae21324d3553ff293add75fe3a3d

  • SHA256

    23ca63226d8f856eabec3e58115a7bf7bd6ccaad871192f31a0671a44e25a559

  • SHA512

    be600f64acc22ec7307a20bff105641d243125cf5800db0704409c633b9b2a1f3dab5674b48350156844827dea66c31c728b69fabc74d1003b2a69528b131e07

  • SSDEEP

    6144:n51plxAAZcR/6TkINLRnJsP/HjCmletH:n5nXC142zCGOH

Malware Config

Extracted

Family

sality

C2

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks