General

  • Target: c383fcc36f68b68cf4bc3b9559656f703034a4b8c9de05b481ed1746a92bfb9c
  • Size: 97KB
  • Sample: 221004-g8sb3sffe5
  • MD5: 4330a1fc6d432219aea135fee2849b6d
  • SHA1: b72751a9d9a91b09ff65ea67073a0e96a63b83c7
  • SHA256: c383fcc36f68b68cf4bc3b9559656f703034a4b8c9de05b481ed1746a92bfb9c
  • SHA512: 87755270fa13c1b733c2e6fc153a3bdabd93b9af1ce802df529576fa74e67fa23f89171be6b4c8cddd061d8c62c945fdad83cbbdedab5588600058a96a18d7bc
  • SSDEEP: 1536:zEPteCB5smGp1xr1KmN0nOmd2yg+Q5CdgL9G6fpqGNDkUQX00nSTom1:zEPxBmp1DN0nGyg9gs9G6fcGlkU2STH1

Malware Config

Extracted

  • Family: sality
  • C2:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
