
General

  • Target

    补丁校验包制作工具.exe (filename kept as-is; the Chinese translates to "patch verification package creation tool")

  • Size

    140KB

  • Sample

    230614-h7cexaed5w

  • MD5

    ab77792d3b90f5f2c298d4e42a9a09ec

  • SHA1

    3e51a53026c60e4d32acab488a8f25df558297e7

  • SHA256

    0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9

  • SHA512

    f53c74bac8d67a8b7eeb1364ed3707e2588af619592e4b2eaca65e7e9bdb15e4ce3687654e114a88bc448fadeff5ccbc6cc53076a0c6806104835eca3b5975b4

  • SSDEEP

    3072:XPu20auEel8JNfp0IVoBArO8LRfLYSvVhrTJOU:XO/cKAdfL7vVhnR

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/
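The extracted config above is only useful once it is turned into something that runs over telemetry. The following added example (not part of the tria.ge report) derives host-level indicators from the six C2 URLs and scans proxy log lines for contact with them, and checks a file's digest against the report's hashes. The log lines are constructed for this example in a simplified "timestamp client method url status" format; a real proxy log (squid, Zeek http.log, a cloud proxy export) needs its own field parsing, but the matching logic is the same.

```python
"""Added example: turn the Sality config from the report into indicators and
run them over proxy log lines. The log lines are constructed, not sandbox data."""
import hashlib
from urllib.parse import urlparse

# Indicators copied verbatim from the report above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]
SAMPLE_HASHES = {
    "md5": "ab77792d3b90f5f2c298d4e42a9a09ec",
    "sha1": "3e51a53026c60e4d32acab488a8f25df558297e7",
    "sha256": "0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9",
}


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so that the
    www/non-www variants of the same C2 domain match each other."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def c2_hosts(urls=C2_URLS):
    """Host-level indicators derived from the C2 URL list."""
    return {normalize_host(urlparse(u).hostname) for u in urls}


def scan_proxy_log(lines, hosts=None):
    """Return (client, url) for every line whose destination host is a C2 host.

    Lines without the expected field count are skipped rather than raising,
    so one malformed line does not abort the whole scan.
    """
    hosts = c2_hosts() if hosts is None else hosts
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, client, _method, url, _status = fields[:5]
        host = urlparse(url).hostname
        if host and normalize_host(host) in hosts:
            hits.append((client, url))
    return hits


def hash_verdict(data):
    """Name the sample if the digest of data matches a hash in the report."""
    for algo, expected in SAMPLE_HASHES.items():
        if hashlib.new(algo, data).hexdigest() == expected:
            return f"sality sample 230614-h7cexaed5w ({algo} match)"
    return None


# Constructed log lines for this example; they are not from the sandbox run.
SAMPLE_LOG = [
    "2023-06-14T07:12:01Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "2023-06-14T07:12:02Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2023-06-14T07:12:05Z 10.0.0.9 GET http://klkjwre9fqwieluoi.info/ 404",
    "2023-06-14T07:12:06Z 10.0.0.9 GET http://89.119.67.154/testo5/ 200",
    "malformed line",
]

if __name__ == "__main__":
    for client, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} contacted Sality C2 {url}")
    print(hash_verdict(b"not the sample"))
```

Matching on the host rather than the full URL is deliberate: the paths in the config (home.gif, testo5/) are trivially changed between builds, while the domains and the IP are what the infected host has to resolve or connect to. The third constructed line shows why the www. normalisation matters, and the last line shows that a malformed record is skipped instead of stopping the scan.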

Targets

    • Target

      补丁校验包制作工具.exe

    • Size

      140KB

    • MD5

      ab77792d3b90f5f2c298d4e42a9a09ec

    • SHA1

      3e51a53026c60e4d32acab488a8f25df558297e7

    • SHA256

      0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9

    • SHA512

      f53c74bac8d67a8b7eeb1364ed3707e2588af619592e4b2eaca65e7e9bdb15e4ce3687654e114a88bc448fadeff5ccbc6cc53076a0c6806104835eca3b5975b4

    • SSDEEP

      3072:XPu20auEel8JNfp0IVoBArO8LRfLYSvVhrTJOU:XO/cKAdfL7vVhnR

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is also a polymorphic file infector that spreads through infected executables and removable media, which is consistent with the drive enumeration and autorun.inf behaviour listed below.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
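The last two signatures describe the spreading mechanism: the sample walks drive roots other than C: and writes an autorun.inf there. The following added example (not part of the tria.ge report) shows the defender's side of that: a lenient parser for autorun.inf that flags directives which launch an executable, lure text that mimics the Explorer prompt, and forced AutoPlay handling, plus a helper that checks a list of drive roots for the file. The autorun.inf content and the RECYCLER\winsvc.exe path are constructed for this example; the directive names (open, shellexecute, shell\...\command, action, useautoplay) are the standard Windows Autorun ones. The parser is deliberately line-based rather than a strict INI parser, because autorun.inf files dropped by worms are often padded with junk lines that a strict parser rejects.

```python
"""Added example: triage an autorun.inf found on a secondary or removable volume.
The sample file below is constructed, not taken from the sandbox run."""
import os
import re

# Directives whose value the Autorun/AutoPlay handler executes.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
# Phrases that imitate Explorer's own AutoPlay wording to trick the user.
LURE_PHRASES = ("open folder", "view files")


def parse_autorun(text):
    """Lenient key=value parser: ignores junk lines, comments and section
    headers; keys are lower-cased so Command and command compare equal."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip()
    return directives


def triage_autorun(text):
    """Return a list of human-readable findings; an empty list means nothing
    in the file looks like an Autorun abuse."""
    d = parse_autorun(text)
    findings = []
    for key, value in d.items():
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            target = value.split()[0] if value else ""
            if target.lower().endswith(EXEC_SUFFIXES):
                findings.append(f"{key} launches executable {target}")
    action = d.get("action", "")
    if any(p in action.lower() for p in LURE_PHRASES):
        findings.append(f"action text mimics the Explorer prompt: {action!r}")
    if d.get("useautoplay") == "1":
        findings.append("useautoplay=1 forces AutoPlay handling")
    return findings


def scan_drive_roots(roots):
    """Mirror the sample's drive enumeration from the defender's side: report
    every root in `roots` (e.g. every drive except the system drive) that
    carries an autorun.inf, together with its triage findings."""
    found = {}
    for root in roots:
        candidate = os.path.join(root, "autorun.inf")
        if os.path.isfile(candidate):
            with open(candidate, "r", errors="replace") as fh:
                found[root] = triage_autorun(fh.read())
    return found


# Constructed autorun.inf, padded with junk lines the way worm droppers often do.
SAMPLE_AUTORUN = """[autorun]
;;xq%zz
open=RECYCLER\\winsvc.exe
jkl#$%
shell\\open\\Command=RECYCLER\\winsvc.exe
shell\\explore\\command=RECYCLER\\winsvc.exe
action=Open folder to view files
useautoplay=1
"""

if __name__ == "__main__":
    for finding in triage_autorun(SAMPLE_AUTORUN):
        print("-", finding)
```

A benign autorun.inf that only sets icon= and label= produces no findings, so the function can be run over every mounted volume without drowning the analyst in false positives; anything that launches an executable from the volume, especially behind the "Open folder to view files" lure, is worth pulling for a hash comparison against the values in this report.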

MITRE ATT&CK Enterprise v6

Tasks