Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    94f3a3ef0d914aa3bbe8297eb065f5108820a8c4d7df5e455824ebd747e3dafc

  • Size

    410KB

  • Sample

    221106-xhr7dsgaa9

  • MD5

    0e265c41cf42ba3cb7fb893ff98da186

  • SHA1

    3d7e4f5c12ecc284a92e6dcf1dd9c1603ec9e473

  • SHA256

    94f3a3ef0d914aa3bbe8297eb065f5108820a8c4d7df5e455824ebd747e3dafc

  • SHA512

    bede6020e2a83050691af1e0acd1bce5ae61777066380bb310d5bd5646c86b2d9c48137ae97601af769d2ee70ed32ee604ab9dd5100164260f0fd5919481b4fa

  • SSDEEP

    6144:72EGyyn8t8qgCJs/IrELgoNPrpO7LIyPLldmbvuXMjR1y9lZpIM2cHheqKUhvRO5:7YqgN/IrEkoNk7L6zSZp9PQ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      94f3a3ef0d914aa3bbe8297eb065f5108820a8c4d7df5e455824ebd747e3dafc

    • Size

      410KB

    • MD5

      0e265c41cf42ba3cb7fb893ff98da186

    • SHA1

      3d7e4f5c12ecc284a92e6dcf1dd9c1603ec9e473

    • SHA256

      94f3a3ef0d914aa3bbe8297eb065f5108820a8c4d7df5e455824ebd747e3dafc

    • SHA512

      bede6020e2a83050691af1e0acd1bce5ae61777066380bb310d5bd5646c86b2d9c48137ae97601af769d2ee70ed32ee604ab9dd5100164260f0fd5919481b4fa

    • SSDEEP

      6144:72EGyyn8t8qgCJs/IrELgoNPrpO7LIyPLldmbvuXMjR1y9lZpIM2cHheqKUhvRO5:7YqgN/IrEkoNk7L6zSZp9PQ

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks