General

  • Target

    d6dd07e0696470b56ecd71a5e683baeda33ec9b76cec8d5f8f227b640ba9b5b4

  • Size

    100KB

  • Sample

    221205-pzl3psbc32

  • MD5

    732539e4d3ee058494b62de6bd2833cd

  • SHA1

    3b6669ab5d5f783d0994fc61da7859014164f657

  • SHA256

    d6dd07e0696470b56ecd71a5e683baeda33ec9b76cec8d5f8f227b640ba9b5b4

  • SHA512

    5db54dbd98362c72403bb828848c5ff70baeba0dd96f0d451fe2204a83af73c5d8fe86cef0574b1fbfbbaf0761f01b2ba1a6bac78b538c71eb999465fba2c561

  • SSDEEP

    768:O2l0CAcjiI79V0wYzcz4UKACHeAvtF+TheR3pkTmBFbeI0wxTYIJ1Fpieepl+BFJ:BJnpYz4wKhe7cmbaOFFpiZ+bC+PjZAc

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/
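The hashes and C2 URLs above are the usable indicators from this report. The following Python is an added example, not part of the tria.ge report or of the Sality sample, showing how a practitioner would check a suspect file against the report's digests and sweep proxy logs for contact with the C2 hosts. The proxy log lines are constructed for illustration, and the choices to drop a leading "www." from indicators and to match subdomains by suffix are assumptions made here, not something the report states.

```python
"""Check a suspect file and proxy log lines against the indicators in this report."""
import hashlib
from typing import Optional
from urllib.parse import urlparse

# Indicators copied from the report (sample 221205-pzl3psbc32). SHA512 and ssdeep are
# omitted; the three below are what most blocklists and SIEM lookups index on.
REPORT_HASHES = {
    "md5": "732539e4d3ee058494b62de6bd2833cd",
    "sha1": "3b6669ab5d5f783d0994fc61da7859014164f657",
    "sha256": "d6dd07e0696470b56ecd71a5e683baeda33ec9b76cec8d5f8f227b640ba9b5b4",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def hash_bytes(data: bytes) -> dict:
    """Digests of `data` for every algorithm tracked in REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Algorithms whose digest of `data` equals the report's value; {} means not this sample."""
    return {k: v for k, v in hash_bytes(data).items() if v == REPORT_HASHES[k]}


def c2_hosts(urls=C2_URLS) -> set:
    """Hostnames/IPs from the C2 URLs. A leading 'www.' is dropped (assumption: the apex
    domain is what should be blocked), so the set serves DNS logs as well as proxy logs."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname.lower()
        hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts


def c2_indicator_for(host: str, indicators) -> Optional[str]:
    """The indicator `host` matches, exactly or as a subdomain of it, else None."""
    host = host.lower().rstrip(".")
    for ind in indicators:
        if host == ind or host.endswith("." + ind):
            return ind
    return None


def flag_proxy_lines(lines) -> list:
    """(line_no, destination_host, matched_indicator) for each proxy log line whose
    destination is a C2 host. Assumed log format: '<ts> <client> <method> <url> <status>'."""
    indicators = c2_hosts()
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # not an entry in the assumed format
        host = urlparse(parts[3]).hostname
        ind = c2_indicator_for(host, indicators) if host else None
        if ind:
            hits.append((n, host.lower(), ind))
    return hits


# Constructed proxy log lines (not real traffic): one benign, three reaching C2 hosts.
PROXY_LOG = [
    "1670234401 10.0.0.5 GET http://example.com/ 200",
    "1670234402 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "1670234403 10.0.0.7 GET http://89.119.67.154/testo5/ 404",
    "1670234404 10.0.0.7 GET http://cdn.klkjwre9fqwieluoi.info/x 200",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, matches_report(f.read()) or "no match")
    for hit in flag_proxy_lines(PROXY_LOG):
        print("C2 contact:", hit)
```

Run it with one or more file paths to compare them against the report's digests; the embedded log sweep runs regardless. Suffix matching means a hit on `cdn.klkjwre9fqwieluoi.info` is attributed to the `klkjwre9fqwieluoi.info` indicator, which is the behaviour you want from a DNS blocklist but will also flag any legitimate host under a C2 domain, so treat matches as leads rather than verdicts.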

Targets

    • Target

      d6dd07e0696470b56ecd71a5e683baeda33ec9b76cec8d5f8f227b640ba9b5b4

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
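The last two signatures (enumerating connected drives, dropping autorun.inf) describe how the sample spreads to attached volumes. As an added example that is not part of the tria.ge report, the Python below walks the same set of non-system volume roots, parses any autorun.inf it finds and reports what Windows Autorun would execute from it. The two autorun.inf contents are constructed for the test, and treating non key=value lines inside the section as a padding/obfuscation signal is an assumption made here, not something the report states.

```python
"""Triage autorun.inf files on attached volumes: what would Autorun launch?"""
import os
import string

# Keys whose value is executed when Autorun fires or the user picks the default action.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str):
    """Return (keys, junk_lines) for the [autorun] section.

    keys maps lower-cased key -> value. junk_lines counts non-empty lines inside the
    section that are not key=value pairs; some droppers pad the file with junk to
    defeat naive parsers (assumption: used only as a weak signal here).
    """
    keys, junk, in_section = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip().strip("\x00")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
        else:
            junk += 1
    return keys, junk


def launch_commands(keys: dict) -> list:
    """Values Windows would run: open=, shellexecute=, and shell\\<verb>\\command=."""
    return [v for k, v in keys.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def assess(text: str) -> dict:
    keys, junk = parse_autorun(text)
    cmds = launch_commands(keys)
    return {"launches": cmds, "junk_lines": junk, "suspicious": bool(cmds)}


def volume_roots() -> list:
    """Roots of attached volumes other than the system drive, the same set the
    'Enumerates connected drives' behaviour walks. POSIX fallback: /media and /mnt."""
    if os.name == "nt":
        system = os.environ.get("SystemDrive", "C:").upper()
        return [f"{d}:\\" for d in string.ascii_uppercase
                if f"{d}:" != system and os.path.exists(f"{d}:\\")]
    return [os.path.join(base, name) for base in ("/media", "/mnt")
            if os.path.isdir(base) for name in sorted(os.listdir(base))]


def scan(roots) -> list:
    """(root, assessment) for every root that carries an autorun.inf."""
    findings = []
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", encoding="latin-1") as f:  # tolerate binary junk
                findings.append((root, assess(f.read())))
    return findings


# Constructed autorun.inf in the style a file infector drops (not the sample's actual file).
MALICIOUS_INF = r"""
[autorun]
x7Ffh9sQ
Open=RECYCLER\setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\setup.exe
shell\explore\command=RECYCLER\setup.exe
"""

# Constructed benign autorun.inf: sets a label and icon, launches nothing.
BENIGN_INF = "[autorun]\nlabel=Backup drive\nicon=drive.ico\n"

if __name__ == "__main__":
    for root, result in scan(volume_roots()):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{root}: {flag} launches={result['launches']} junk={result['junk_lines']}")
```

The `shell\<verb>\command` keys matter as much as `open=`: they rewrite the Explorer context-menu verbs, so a user who right-clicks "Explore" on the volume runs the payload even when AutoPlay itself is disabled. Any autorun.inf that launches an executable from the volume rather than only setting `label`/`icon` is worth pulling for analysis.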
