
General

  • Target: 73307a7d8b074412bb22d92347e8195bf50667e4bc1ceec9ee0fe8333f1400f1
  • Size: 216KB
  • Sample: 221123-w4j78sdg33
  • MD5: 4500d779875a36b4893bbe91be04f610
  • SHA1: a56e4395ff7ab3a70bb8d8551c99db7f5a02ac25
  • SHA256: 73307a7d8b074412bb22d92347e8195bf50667e4bc1ceec9ee0fe8333f1400f1
  • SHA512: ee1859c5f23d92c20d656ac86a097c06f38a75157735632d4cebf80232611f9148fbd45bd47b43766f349b60f8c024ea434659cbffb53906ee2e9ece6c09dc0f
  • SSDEEP: 3072:TrYgJesJikvyxyvZcMO/6T4nIB5BAZlB/PGm7PT+CMU1sdD3E+NziGE:Tp5J9qAZcR/6TkINwlBf+l2sdD3jzij

Malware Config

Extracted

  • Family: sality
  • C2:
      http://89.119.67.154/testo5/
      http://kukutrustnet777.info/home.gif
      http://kukutrustnet888.info/home.gif
      http://kukutrustnet987.info/home.gif

Targets

    • Sality
      Sality is a backdoor written in C++, first discovered in 2003.
    • UAC bypass
    • Windows security bypass
    • Disables RegEdit via registry modification
    • Disables Task Manager via registry modification
    • Modifies Windows Firewall
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Windows security modification
    • Checks whether UAC is enabled
