Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
aeadbda501f066699d9a793ed8af145846b43e41c791ea86419e34b457516b92
-
Size
3.3MB
-
Sample
231011-sltgeagh26
-
MD5
83352d68f695da4f904a7eb7785bd480
-
SHA1
59a417efc733262709868f4e32243c3cafb9211b
-
SHA256
aeadbda501f066699d9a793ed8af145846b43e41c791ea86419e34b457516b92
-
SHA512
e4a07b5f5d109bf54d2ab721537114655c39250967086a511aee231c06d100b75d71c90aa6b9cfb07707cc96f53bd7b7f910ace321772facbd72e8b5a2b43e3c
-
SSDEEP
98304:cA4wLgc2mK8yXeqOQWNq7N/f6tXq7TF6zz7W:cjwLRyOV4F6K
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
aeadbda501f066699d9a793ed8af145846b43e41c791ea86419e34b457516b92
-
Size
3.3MB
-
MD5
83352d68f695da4f904a7eb7785bd480
-
SHA1
59a417efc733262709868f4e32243c3cafb9211b
-
SHA256
aeadbda501f066699d9a793ed8af145846b43e41c791ea86419e34b457516b92
-
SHA512
e4a07b5f5d109bf54d2ab721537114655c39250967086a511aee231c06d100b75d71c90aa6b9cfb07707cc96f53bd7b7f910ace321772facbd72e8b5a2b43e3c
-
SSDEEP
98304:cA4wLgc2mK8yXeqOQWNq7N/f6tXq7TF6zz7W:cjwLRyOV4F6K
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1