General

  • Target

    efe1b8041dafce60b2e84f0c66ad969d275573efc734a5a395417ac6f5b11451

  • Size

    277KB

  • Sample

    221020-npn9mscaa5

  • MD5

    7d512244704ec7d0d57391ddca72df16

  • SHA1

    587ea4305d315bce15c48d0989e6837990dfaec9

  • SHA256

    efe1b8041dafce60b2e84f0c66ad969d275573efc734a5a395417ac6f5b11451

  • SHA512

    2265ce6dfd876c204f7547cc57eac3ceb8091672c2a4d69e6e97341a32e6f1ccb883d9ba712fae0066d993e706d00e07983df8dfaf412ab1c9b3b56f2a972f6f

  • SSDEEP

    6144:CY5XCwA3rxVhhwN9HJQaM2bGx/2aDDOQzX6NNXha:CY5XCwYlVbwN9HJQepan5Ss

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      efe1b8041dafce60b2e84f0c66ad969d275573efc734a5a395417ac6f5b11451

    • Size

      277KB

    • MD5

      7d512244704ec7d0d57391ddca72df16

    • SHA1

      587ea4305d315bce15c48d0989e6837990dfaec9

    • SHA256

      efe1b8041dafce60b2e84f0c66ad969d275573efc734a5a395417ac6f5b11451

    • SHA512

      2265ce6dfd876c204f7547cc57eac3ceb8091672c2a4d69e6e97341a32e6f1ccb883d9ba712fae0066d993e706d00e07983df8dfaf412ab1c9b3b56f2a972f6f

    • SSDEEP

      6144:CY5XCwA3rxVhhwN9HJQaM2bGx/2aDDOQzX6NNXha:CY5XCwYlVbwN9HJQepan5Ss

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks