General

  • Target

    NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe

  • Size

    164KB

  • Sample

    231013-ytdzkshg88

  • MD5

    2f7f7d3afc3f465ccfe0f6d775e6d380

  • SHA1

    76763ad638a45ba6e02d6481ee6b081671211687

  • SHA256

    e046b9ef11b019e7908ffe1a693effef68df2b5ec43a20e5ab5299e7180e123a

  • SHA512

    44bc0b4d6b5d365b6450a11cac8f969f59ca43b58296f4b4199cf6631ca417b48e12dcb46234a41ef49a03485f0e021807ad3afc27859739d45d1eee9c61e51a

  • SSDEEP

    3072:vNQKPWDyAI0hJltZrpRRy8JEl0G5MtliNeOh7hwtf:vNSDyAISthpd8Mt4n2

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      NEAS.2f7f7d3afc3f465ccfe0f6d775e6d380.exe

    • Size

      164KB

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks