General
Target: ad077eb443903b2d9d2671e16897fea9e2d93b4cd2d4408eb528d2f2b0c7ff63
Size: 320KB
Sample: 221003-wt3xlaacg8
MD5: 22e8a705f7e9fdc8336c43889a6602e0
SHA1: 91411aa04f10292c32c8c689d1b2805d967c8887
SHA256: ad077eb443903b2d9d2671e16897fea9e2d93b4cd2d4408eb528d2f2b0c7ff63
SHA512: 67771ee9c3fc5b5e4846571d1e033b4c44c0d586180b0f9c8e513baa262e69aebf33fde899b09fdbd6d73e27b0fb9f832af2e85f3b3fd20c00ccd8eb9b03bb92
SSDEEP: 3072:qvY6LipwcDWXVa7bMdY0vJhdzOkvTxIC5wwRvlV+Mb8RK0jLydi:npw5kstvT3hRX+UCKu2di
Static task: static1
Behavioral task: behavioral1
Sample: ad077eb443903b2d9d2671e16897fea9e2d93b4cd2d4408eb528d2f2b0c7ff63.exe
Resource: win7-20220812-en
Malware Config
Extracted
sality
Targets
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.