General

  • Target

    ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d

  • Size

    242KB

  • Sample

    221028-x5y88acce3

  • MD5

    0c2b933c96075287e46272be1168d0c0

  • SHA1

    f67149313c952cc96cb546f9a7d88cad4f485a99

  • SHA256

    ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d

  • SHA512

    41ffdcb204f1eb7fe59204917c5f39c54a247a7315c5ae8b41b1f4baf1880421bcab0ff4c0f5f47c2f810ec764214a2e6fc8ab4b9d307d1a6b68a4b374beb77b

  • SSDEEP

    6144:1LAOpuAQaJAbw1uZcGNpDIVpWHHfG1nE00abhsy:FWAQb4uZc+pDIXACE9hy

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d

    • Sality

      Sality is a polymorphic file infector with backdoor and peer-to-peer botnet capability, written in C++ and first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Windows security modification

    • Checks whether UAC is enabled
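The "Disables RegEdit", "Disables Task Manager", "Checks whether UAC is enabled" and "Modifies Windows Firewall" signatures above all come down to a handful of policy values in the registry. The following Python is an added example, not code from tria.ge or from the sample, that parses a constructed .reg export of an infected host and flags those values. The key paths and expected values are assumptions based on the standard Windows policy locations (Policies\System for the tool lockouts and EnableLUA, FirewallPolicy\StandardProfile for the firewall), not values taken from this report.

```python
"""Flag Sality-style policy tampering in an exported registry (.reg) file."""
import re

# Policy values the sandbox signatures describe. These paths are the standard
# Windows locations (assumption: they are not quoted in the report itself).
# Format: key -> {value_name: (tampered_value, description)}
TAMPER_CHECKS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System": {
        "DisableRegistryTools": (1, "Registry Editor disabled"),
        "DisableTaskMgr": (1, "Task Manager disabled"),
    },
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System": {
        "EnableLUA": (0, "UAC disabled"),
    },
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile": {
        "EnableFirewall": (0, "Windows Firewall disabled (standard profile)"),
    },
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Parse the subset of .reg syntax needed here: [key] headers and dword
    values. Returns {key_path: {value_name: int}}; other value types are
    ignored rather than rejected, so a full hive export can be fed in."""
    hives = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            hives.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            hives[current][m.group(1)] = int(m.group(2), 16)
    return hives


def find_tampering(text):
    """Return a sorted list of (key, value_name, observed, description) for
    every policy value that matches a tampered setting in TAMPER_CHECKS."""
    hives = parse_reg_export(text)
    hits = []
    for key, checks in TAMPER_CHECKS.items():
        # Registry key names are case-insensitive; normalise for the lookup.
        values = next((v for k, v in hives.items() if k.lower() == key.lower()), {})
        for name, (bad, desc) in checks.items():
            observed = values.get(name)
            if observed == bad:
                hits.append((key, name, observed, desc))
    return sorted(hits)


# Constructed sample export of a host showing all four tamper settings.
INFECTED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"""

# Constructed sample export of a clean host: UAC and firewall on, no lockouts.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"""

if __name__ == "__main__":
    for key, name, observed, desc in find_tampering(INFECTED_REG):
        print(f"{desc}: {key}\\{name} = {observed}")
```

On a live Windows host the same values can be exported with `reg export` and fed to `find_tampering`; a hit on EnableLUA or EnableFirewall should be confirmed against the effective policy (group policy can legitimately set these), whereas DisableRegistryTools and DisableTaskMgr set under HKCU on a workstation are rarely legitimate.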
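The "UPX packed file" signature above is typically a static check for UPX's section names (UPX0, UPX1) and its "UPX!" header marker. The following Python is an added example, not code from tria.ge or from the sample, that parses the PE section table by hand and reports those indicators; the minimal PE images it inspects are constructed inline for the demonstration, not taken from this sample. Its caveat is the same one the signature text implies: a modified UPX build can rename the sections and strip the marker, so an empty result rules nothing out.

```python
"""Detect stock-UPX indicators in a PE image by walking the section table."""
import struct


def pe_section_names(data):
    """Return the section names of a PE image, parsed from the raw headers.
    Layout: MZ header with e_lfanew at 0x3C, 'PE\\0\\0' signature, 20-byte
    COFF header (NumberOfSections at +2, SizeOfOptionalHeader at +16),
    optional header, then 40-byte section headers with an 8-byte name."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sect_off = e_lfanew + 24 + size_opt
    names = []
    for i in range(num_sections):
        start = sect_off + i * 40
        raw = data[start:start + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Return the stock-UPX indicators present: UPX* section names and the
    'UPX!' marker. A modified UPX may show neither (assumption stated above)."""
    found = []
    upx_names = [n for n in pe_section_names(data) if n.startswith("UPX")]
    if upx_names:
        found.append("section names " + ",".join(upx_names))
    if b"UPX!" in data:
        found.append("UPX! header marker")
    return found


def build_pe(section_names):
    """Build a minimal, header-only PE32 image (constructed test input, not a
    runnable binary) with the given section names."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> right after DOS header
    opt = bytearray(224)                            # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)           # Magic = PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(name.ljust(8, b"\0") + bytes(32) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed samples: a stock-UPX layout with the marker, and a plain layout.
PACKED_PE = build_pe([b"UPX0", b"UPX1", b".rsrc"]) + b"UPX!"
PLAIN_PE = build_pe([b".text", b".rdata", b".data"])

if __name__ == "__main__":
    print("packed:", upx_indicators(PACKED_PE))
    print("plain: ", upx_indicators(PLAIN_PE))
```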

Tasks