
General

  • Target: 14a0b8532311d0634a43394ff3f4a8a488cb0f61c6c9dfea54fbbb6d968bd217
  • Size: 100KB
  • Sample: 221129-h44d8abe21
  • MD5: 20bdd7221054b02eeee06314b251edef
  • SHA1: 6ba7e9d5dd35064ecf272804a4dc76ea7617dbe9
  • SHA256: 14a0b8532311d0634a43394ff3f4a8a488cb0f61c6c9dfea54fbbb6d968bd217
  • SHA512: 97602f0b698569c481b42803ca18193056915911f0819455fde2c1235561c4ea21fd957bedbf7ebf04ab144d913eca11ac863599b062bf9531842b61bc26b751
  • SSDEEP: 1536:ylfodJxfSTgjTuJS2l8tuXJU8k22mHNR3umNalJBGq9AU8kJBl4KuX6ryqvdqZQ:ylfoduUJ2lDXM+3j8vGq9ABnzq1qZ

Malware Config

Extracted

  • Family: sality
  • C2:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
    http://www.klkjwre9fqwieluoi.info/
    http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
