General

  • Target

    b2d05e58073e088f181baa61fc942c16ef211489d3aaa264426694e0df8d59d9

  • Size

    1.3MB

  • Sample

    221129-rymzqaca2z

  • MD5

    b38588a602da8a39add4afefd91395ce

  • SHA1

    b4e21251343717dba9b271aceaefcb2f5f2188da

  • SHA256

    b2d05e58073e088f181baa61fc942c16ef211489d3aaa264426694e0df8d59d9

  • SHA512

    621b00b447b29ae009eaedc3c3d268cf4e82770baa6f8347656b6f7dc2cca4b97bcbfa06f2c1873bc713b1a45a7ae8f12bb348673ac1dedd3d438c5cef16e960

  • SSDEEP

    24576:KaHMv6Corjqny/Q543dhZkDe0Jq34cRLUFLNGMVyH2ah6:K1vqjd/Q583gRgIcNUFsMyHY

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      b2d05e58073e088f181baa61fc942c16ef211489d3aaa264426694e0df8d59d9

    • Size

      1.3MB

    • MD5

      b38588a602da8a39add4afefd91395ce

    • SHA1

      b4e21251343717dba9b271aceaefcb2f5f2188da

    • SHA256

      b2d05e58073e088f181baa61fc942c16ef211489d3aaa264426694e0df8d59d9

    • SHA512

      621b00b447b29ae009eaedc3c3d268cf4e82770baa6f8347656b6f7dc2cca4b97bcbfa06f2c1873bc713b1a45a7ae8f12bb348673ac1dedd3d438c5cef16e960

    • SSDEEP

      24576:KaHMv6Corjqny/Q543dhZkDe0Jq34cRLUFLNGMVyH2ah6:K1vqjd/Q583gRgIcNUFsMyHY

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks