Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a4f9be4c9a5b2f2fa99f64cfea613002598367b45bcbc19701baa92e5939ad05

  • Size

    108KB

  • Sample

    221020-3qcdssbegj

  • MD5

    5158cbc5219cd885942230898b2e8410

  • SHA1

    0e535b3cdd8bf63be71e9759a4142ed99f4c58b9

  • SHA256

    a4f9be4c9a5b2f2fa99f64cfea613002598367b45bcbc19701baa92e5939ad05

  • SHA512

    79f46319dcf52fbdc2c2ac9ef84d1dea76b3f938b5cb909c110e6f60ba57ed0ec8ab643d291a35cbee051ec9d2613123967696e308936a87f64c58f6f9bd9229

  • SSDEEP

    3072:DCzpObod00G60pEmaj0dw0w0QtqE6YahRh7JtR/ABP:yMPzpEmlGKsq8ahB7ABP

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      a4f9be4c9a5b2f2fa99f64cfea613002598367b45bcbc19701baa92e5939ad05

    • Size

      108KB

    • MD5

      5158cbc5219cd885942230898b2e8410

    • SHA1

      0e535b3cdd8bf63be71e9759a4142ed99f4c58b9

    • SHA256

      a4f9be4c9a5b2f2fa99f64cfea613002598367b45bcbc19701baa92e5939ad05

    • SHA512

      79f46319dcf52fbdc2c2ac9ef84d1dea76b3f938b5cb909c110e6f60ba57ed0ec8ab643d291a35cbee051ec9d2613123967696e308936a87f64c58f6f9bd9229

    • SSDEEP

      3072:DCzpObod00G60pEmaj0dw0w0QtqE6YahRh7JtR/ABP:yMPzpEmlGKsq8ahB7ABP

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks