Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    820c6431e97bf35a76a07d714cfab76102c6e6fc1d4729fbedd0b6e27602b5c7

  • Size

    100KB

  • Sample

    221014-nj75kadbel

  • MD5

    6440ad89afd14637d5b8ffbf25f508e0

  • SHA1

    3bdf8abd66a48bf3f08964d299980274925c3c4c

  • SHA256

    820c6431e97bf35a76a07d714cfab76102c6e6fc1d4729fbedd0b6e27602b5c7

  • SHA512

    aad51b8f1f8ff9090edc855dfb5363f3ede09d6f55f79f82b8b4266633b3ac45a84d900d62fdcb8d96bc1fe1aa1c8e5f54a0f2fc3f809dd19af41a3bc6bd4d87

  • SSDEEP

    1536:0A1Yqf6OUg+xXvKEM9mqC9xGknNelMvwkTbjwof4Dw5Rb3ZnaiOEChpd35c2Xo1:EsovKEMsrDsGvw7sbIrtfdpZXK

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      820c6431e97bf35a76a07d714cfab76102c6e6fc1d4729fbedd0b6e27602b5c7

    • Size

      100KB

    • MD5

      6440ad89afd14637d5b8ffbf25f508e0

    • SHA1

      3bdf8abd66a48bf3f08964d299980274925c3c4c

    • SHA256

      820c6431e97bf35a76a07d714cfab76102c6e6fc1d4729fbedd0b6e27602b5c7

    • SHA512

      aad51b8f1f8ff9090edc855dfb5363f3ede09d6f55f79f82b8b4266633b3ac45a84d900d62fdcb8d96bc1fe1aa1c8e5f54a0f2fc3f809dd19af41a3bc6bd4d87

    • SSDEEP

      1536:0A1Yqf6OUg+xXvKEM9mqC9xGknNelMvwkTbjwof4Dw5Rb3ZnaiOEChpd35c2Xo1:EsovKEMsrDsGvw7sbIrtfdpZXK

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks