Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.076b181f137eb5d94a33dce704acf340_JC.exe
-
Size
215KB
-
Sample
231012-twshjabb5s
-
MD5
076b181f137eb5d94a33dce704acf340
-
SHA1
f011a1ff1c66147510c66827f7cd1da108c424b8
-
SHA256
e47574957f2b535523459c9f47efcd0141b5b4f76b980fcf8dde8043f6255c62
-
SHA512
85aba56a9e8300d011f76a94a5e090d16e50cb9aa8161f1939d4c8b284fb5a215f59d186b510a58d13c11b078697d3b0e935b5c5231b8574440c78294e20a56c
-
SSDEEP
6144:EMZoKx9KAsiNS0L1SU7+aVof0VHGX7SJrozh5H:ESoi9KAsiNS0BSUhW6IqrAXH
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
NEAS.076b181f137eb5d94a33dce704acf340_JC.exe
-
Size
215KB
-
MD5
076b181f137eb5d94a33dce704acf340
-
SHA1
f011a1ff1c66147510c66827f7cd1da108c424b8
-
SHA256
e47574957f2b535523459c9f47efcd0141b5b4f76b980fcf8dde8043f6255c62
-
SHA512
85aba56a9e8300d011f76a94a5e090d16e50cb9aa8161f1939d4c8b284fb5a215f59d186b510a58d13c11b078697d3b0e935b5c5231b8574440c78294e20a56c
-
SSDEEP
6144:EMZoKx9KAsiNS0L1SU7+aVof0VHGX7SJrozh5H:ESoi9KAsiNS0BSUhW6IqrAXH
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1