General

  • Target

    ea9b39ca79c203b294f13de7412576eb5a3facf50b8a6497199861d9538ba9a6

  • Size

    164KB

  • Sample

    221011-1vg4qsgcd3

  • MD5

    6ae218867eb9467591bb24c796c24f70

  • SHA1

    7e821f0f91ce1011bc5644970de2567118037967

  • SHA256

    ea9b39ca79c203b294f13de7412576eb5a3facf50b8a6497199861d9538ba9a6

  • SHA512

    b959882f2c3cd74df8cab822e1ab438d84750a332eb1a909cf1a50edec1db346414fd9a2e255725f38d0016251ce098e5c2fb60b21b39db3b1cf789a7dbb4b4d

  • SSDEEP

    3072:2NQKPWDyZI0hJltZrpRRyPZNtB9htSJAvdhp20onnel+FeQ97:2NSDyZISthpcX9SJSjInel2d7

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled
