Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ae84e891ac6a0b85cd0a7b67409cf9a1190c1924ea200808e8cb165e9a116344

  • Size

    167KB

  • Sample

    221121-kf9mfabe57

  • MD5

    3f43ad9460be520e1ea34eb8344d7988

  • SHA1

    2732a9e9874644ebef124a4d9ac376e6f4086ddb

  • SHA256

    ae84e891ac6a0b85cd0a7b67409cf9a1190c1924ea200808e8cb165e9a116344

  • SHA512

    1e64615a5a85200f0d372a726be859d3b9dc27cc93f2bbb4c02575a5cd2bbd4e1c12eea07502414b9e5de6ff78983f8231769a5c5334ea1dd4d8c21c4d977a3d

  • SSDEEP

    3072:pNQKPWDy8I0fFJltZrpReFX3/aQem6/lk0nSTJOZS91hG/1HIHOe:pNSDy8IkFthpNk0nSlt9s1HIu

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      ae84e891ac6a0b85cd0a7b67409cf9a1190c1924ea200808e8cb165e9a116344

    • Size

      167KB

    • MD5

      3f43ad9460be520e1ea34eb8344d7988

    • SHA1

      2732a9e9874644ebef124a4d9ac376e6f4086ddb

    • SHA256

      ae84e891ac6a0b85cd0a7b67409cf9a1190c1924ea200808e8cb165e9a116344

    • SHA512

      1e64615a5a85200f0d372a726be859d3b9dc27cc93f2bbb4c02575a5cd2bbd4e1c12eea07502414b9e5de6ff78983f8231769a5c5334ea1dd4d8c21c4d977a3d

    • SSDEEP

      3072:pNQKPWDy8I0fFJltZrpReFX3/aQem6/lk0nSTJOZS91hG/1HIHOe:pNSDy8IkFthpNk0nSlt9s1HIu

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks