Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7e9327110b30b53856a844d960396565315b14a962f5d81c14313d69722f31c9

  • Size

    100KB

  • Sample

    221129-h1pfwsbb4v

  • MD5

    a14aa9dd650824251d76e93680b21f9f

  • SHA1

    5188f0c1d76a563c7ce62d6fd5bee61c36c441bb

  • SHA256

    7e9327110b30b53856a844d960396565315b14a962f5d81c14313d69722f31c9

  • SHA512

    ed457dcc986dc2ef3dbdc3b3224740c8787d9ab573023f19c5e79d90e246e9a4c18d864b8bd05181c8146067814f91838a5a0bf158b02a733fee2552ba9166cb

  • SSDEEP

    1536:WzrbrPyYvY3720LQk+8pTSQVrGcbVQ/BLHpYljq34N/9ANzFqIk8IOigJCXW:ZIG7VyQTSQV6iV+BLuF/9ABk7OfeW

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/
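The C2 list above is the part of this report most analysts will act on first. As an added example (not part of the tria.ge report), the following Python turns those six URLs into host indicators and runs them over proxy log lines. The log lines are constructed for the example, not real traffic; the URL list is copied verbatim from the "Malware Config" section. Hosts are compared case-insensitively, the `www.` form and the bare domain both match, and a subdomain of an indicator matches while a look-alike such as `kukutrustnet777.info.example.com` does not.

```python
"""Match the C2 indicators from this report against proxy log lines.

Added example, not part of the tria.ge report. The C2 URLs are copied from the
report; the proxy log lines below are constructed and are not real traffic.
"""
from urllib.parse import urlparse

# C2 URLs exactly as listed in the report's "Malware Config" section.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def extract_hosts(urls):
    """Return the set of lower-cased hostnames (or IPs) from the URL list.
    A leading 'www.' is also stripped so requests to either form match."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if not host:
            continue
        host = host.lower()
        hosts.add(host)
        if host.startswith("www."):
            hosts.add(host[4:])
    return hosts


def host_matches(request_host, ioc_hosts):
    """Return the indicator that request_host equals or is a subdomain of,
    or None. The suffix test is anchored on a dot so 'evil-ioc.tld' and
    'ioc.tld.other.com' do not match 'ioc.tld'."""
    h = request_host.lower().rstrip(".")
    for ioc in ioc_hosts:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None


def scan_proxy_log(lines, ioc_hosts):
    """Parse lines of the form '<ts> <client> <method> <url> <status>' and
    return (client, url, matched_indicator) for every hit, in log order."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        _ts, client, _method, url = parts[:4]
        host = urlparse(url).hostname
        if not host:
            continue
        ioc = host_matches(host, ioc_hosts)
        if ioc:
            hits.append((client, url, ioc))
    return hits


# Constructed log lines for this example; not real traffic.
SAMPLE_LOG = [
    "1669700001 10.0.0.12 GET http://kukutrustnet777.info/home.gif 200",
    "1669700002 10.0.0.12 GET http://89.119.67.154/testo5/ 404",
    "1669700003 10.0.0.15 GET http://KLKJWRE9FQWIELUOI.INFO/ 200",
    "1669700004 10.0.0.20 GET http://example.com/home.gif 200",
    "1669700005 10.0.0.21 GET http://kukutrustnet777.info.example.com/ 200",
]

if __name__ == "__main__":
    iocs = extract_hosts(C2_URLS)
    for client, url, ioc in scan_proxy_log(SAMPLE_LOG, iocs):
        print(f"{client} -> {url} (matches {ioc})")
```

Matching on the host rather than the full URL is deliberate: the `home.gif` and `testo5/` paths are useful for confirming a hit, but an infected host that reaches any of these names is worth investigating whatever path it requested, and the fourth log line shows that the path alone is not an indicator.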

Targets

    • Target

      7e9327110b30b53856a844d960396565315b14a962f5d81c14313d69722f31c9

    • Size

      100KB

    • MD5

      a14aa9dd650824251d76e93680b21f9f

    • SHA1

      5188f0c1d76a563c7ce62d6fd5bee61c36c441bb

    • SHA256

      7e9327110b30b53856a844d960396565315b14a962f5d81c14313d69722f31c9

    • SHA512

      ed457dcc986dc2ef3dbdc3b3224740c8787d9ab573023f19c5e79d90e246e9a4c18d864b8bd05181c8146067814f91838a5a0bf158b02a733fee2552ba9166cb

    • SSDEEP

      1536:WzrbrPyYvY3720LQk+8pTSQVrGcbVQ/BLHpYljq34N/9ANzFqIk8IOigJCXW:ZIG7VyQTSQV6iV+BLuF/9ABk7OfeW

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
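The signatures above describe what the sample changes on the host but, as sandbox signatures do, they name the behaviour rather than the exact registry values. As an added example (not part of the tria.ge report), the following Python performs the corresponding offline checks on a `reg export` dump and on an `autorun.inf`. The registry values it looks for (`DisableRegistryTools`, `DisableTaskMgr`, `EnableLUA`, `EnableFirewall`) are the standard Windows policy settings behind the listed behaviours, which is an assumption of this example rather than something the report states; both input snippets are constructed for illustration and were not captured from the sample.

```python
"""Offline triage of the host changes this report lists for the target.

Added example, not part of the tria.ge report. The registry values below are
the standard Windows policy settings corresponding to the listed behaviours
(assumed, not stated by the report); both inputs are constructed examples.
"""
import re

# (key path, value name, value meaning the protection is off) -> finding
SUSPECT_POLICIES = {
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableRegistryTools", 1): "RegEdit disabled by policy",
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableTaskMgr", 1): "Task Manager disabled by policy",
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "EnableLUA", 0): "UAC disabled",
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
     r"\FirewallPolicy\StandardProfile", "EnableFirewall", 0): "Windows Firewall disabled",
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Parse the DWORD values of a 'reg export' (.reg) dump into
    {(key_path_lower, value_name_lower): int}. Other value types are ignored."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = _DWORD_RE.match(line)
        if m and key is not None:
            values[(key.lower(), m.group(1).lower())] = int(m.group(2), 16)
    return values


def check_registry(reg_text):
    """Return the findings whose (key, name, value) triple is present."""
    values = parse_reg_export(reg_text)
    findings = []
    for (key, name, bad), label in SUSPECT_POLICIES.items():
        if values.get((key.lower(), name.lower())) == bad:
            findings.append(label)
    return findings


def check_autorun(inf_text):
    """Return the launch targets an autorun.inf hands to Autorun: the
    open=, shellexecute= and shell\\<verb>\\command= directives."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        name = name.strip().lower()
        if name in ("open", "shellexecute") or (
            name.startswith("shell\\") and name.endswith("\\command")
        ):
            targets.append(value.strip())
    return targets


# Constructed inputs for this example; not captured from the sample.
REG_DUMP = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=dword:00000000
"""

AUTORUN_INF = """[autorun]
open=example.exe
icon=example.exe,0
shell\\open\\Command=example.exe -a
action=Open folder to view files
"""

if __name__ == "__main__":
    for finding in check_registry(REG_DUMP):
        print("registry:", finding)
    for target in check_autorun(AUTORUN_INF):
        print("autorun launches:", target)
```

Run the registry check against a dump taken from the analysis VM after detonation and against one from a clean baseline; the policy values are legitimate administrative settings, so a finding is meaningful only when the baseline did not have it. The autorun check is a file-format parse, so it can be applied to any `autorun.inf` found on removable media or network shares the infected host could reach.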

MITRE ATT&CK Enterprise v6

Tasks