General

  • Target

    844fdf64fe61602727a3607b9f3a878c5c55b8458bc133b044fe15b0358d74ee

  • Size

    142KB

  • Sample

    221002-vaq81sggal

  • MD5

    04fcc30dc19ef4b80a75212e6eed46dc

  • SHA1

    000721d3947af3f015fbe79e3ff61bbde8ddf280

  • SHA256

    844fdf64fe61602727a3607b9f3a878c5c55b8458bc133b044fe15b0358d74ee

  • SHA512

    1fe8f2eef44954771a0f0c82211a1f58fb609d682cbe8ca17a6afa572d9c09f6212817f57ace14e625dd87f8f10e506fdca7dd447f78ec0d5477a3e8032297fa

  • SSDEEP

    3072:pNQKPWDygI0CLsICg92cnyeDr24JMvTd2/xU1TeX0mZ:pNSDygINsXg4DTUxxkmZ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      844fdf64fe61602727a3607b9f3a878c5c55b8458bc133b044fe15b0358d74ee

    • Size

      142KB

    • MD5

      04fcc30dc19ef4b80a75212e6eed46dc

    • SHA1

      000721d3947af3f015fbe79e3ff61bbde8ddf280

    • SHA256

      844fdf64fe61602727a3607b9f3a878c5c55b8458bc133b044fe15b0358d74ee

    • SHA512

      1fe8f2eef44954771a0f0c82211a1f58fb609d682cbe8ca17a6afa572d9c09f6212817f57ace14e625dd87f8f10e506fdca7dd447f78ec0d5477a3e8032297fa

    • SSDEEP

      3072:pNQKPWDygI0CLsICg92cnyeDr24JMvTd2/xU1TeX0mZ:pNSDygINsXg4DTUxxkmZ

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks