General

  • Target: f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f
  • Size: 494KB
  • Sample: 221011-m7wwrsbffl
  • MD5: 00b4f16c961d8433284324d25b572800
  • SHA1: 370d79c091997e0ac8ecdfd290c44f1dce79aa35
  • SHA256: f288ecfbe0efa47d9ee02a1077ce84d565bd99432ba3fbd1a9770013d49e9d4f
  • SHA512: 3a7c4e80124e8141b5f8825c276f87b7ae82fa64aa68d2d5c665ee0535ff962eafb519ee0bee2c5ce053b390bc7b488d5343cec285de6ba4523a1d80edf74e80
  • SSDEEP: 12288:Gg3M9TO1Fu4+1nkjwCO93AQ/ESLIm5kMK0xTGEhuWEoIyiQ5hx:Gg3M01HRw39pESLI27xTpUWEoIyiQPx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks