Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
补丁校验包制作工具.exe
-
Size
140KB
-
Sample
230614-h7cexaed5w
-
MD5
ab77792d3b90f5f2c298d4e42a9a09ec
-
SHA1
3e51a53026c60e4d32acab488a8f25df558297e7
-
SHA256
0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9
-
SHA512
f53c74bac8d67a8b7eeb1364ed3707e2588af619592e4b2eaca65e7e9bdb15e4ce3687654e114a88bc448fadeff5ccbc6cc53076a0c6806104835eca3b5975b4
-
SSDEEP
3072:XPu20auEel8JNfp0IVoBArO8LRfLYSvVhrTJOU:XO/cKAdfL7vVhnR
Static task
static1
Behavioral task
behavioral1
Sample
补丁校验包制作工具.exe
Resource
win7-20230220-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
补丁校验包制作工具.exe
-
Size
140KB
-
MD5
ab77792d3b90f5f2c298d4e42a9a09ec
-
SHA1
3e51a53026c60e4d32acab488a8f25df558297e7
-
SHA256
0b87fb9be9cc8adedbd6d747cf7fe25ff324659cb006f05d9716218d98c7adc9
-
SHA512
f53c74bac8d67a8b7eeb1364ed3707e2588af619592e4b2eaca65e7e9bdb15e4ce3687654e114a88bc448fadeff5ccbc6cc53076a0c6806104835eca3b5975b4
-
SSDEEP
3072:XPu20auEel8JNfp0IVoBArO8LRfLYSvVhrTJOU:XO/cKAdfL7vVhnR
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-