General

  • Target

    2bd0672bbbfd6b9e7cf3781861baf2837252b19ada14f5e1008efd60fe431473

  • Size

    566KB

  • Sample

    221030-wqy48sdad8

  • MD5

    82a831fab6f121c7c759ca00e99aaf0f

  • SHA1

    83f2f02e625c18016c49aef16cc4916b87212fd6

  • SHA256

    2bd0672bbbfd6b9e7cf3781861baf2837252b19ada14f5e1008efd60fe431473

  • SHA512

    50030c9c5e49516e3f1ffa7f0357a0011773180754fd52ce9205e023fd416bbb513b40b9aab28ac77d8b6bcd0c73b1471bc6807f5514f47e9ab3097768fd45ca

  • SSDEEP

    12288:B7TKsoTYZpKfaBDKTg9xVsam0HEO6w5xOz5Ye:NTiYZpKCBOk2B0uYxOzP

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      2bd0672bbbfd6b9e7cf3781861baf2837252b19ada14f5e1008efd60fe431473

    • Size

      566KB

    • MD5

      82a831fab6f121c7c759ca00e99aaf0f

    • SHA1

      83f2f02e625c18016c49aef16cc4916b87212fd6

    • SHA256

      2bd0672bbbfd6b9e7cf3781861baf2837252b19ada14f5e1008efd60fe431473

    • SHA512

      50030c9c5e49516e3f1ffa7f0357a0011773180754fd52ce9205e023fd416bbb513b40b9aab28ac77d8b6bcd0c73b1471bc6807f5514f47e9ab3097768fd45ca

    • SSDEEP

      12288:B7TKsoTYZpKfaBDKTg9xVsam0HEO6w5xOz5Ye:NTiYZpKCBOk2B0uYxOzP

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks