
General

  • Target

    7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

  • Size

    2.2MB

  • Sample

    231021-kstrrafb86

  • MD5

    6546fb9ff12b3f68250c56a13fe2f129

  • SHA1

    9f6025ecb1bd145c36204c0cb37d2c8d4429c955

  • SHA256

    7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

  • SHA512

    32f5a05eea210d88f79b6f049eff56263e34a21c905ec0148ef3a68495704858ef8b693b4e92274b0cf12e9c7c905d47833f87de00c7383bc2261aceb9384ff0

  • SSDEEP

    49152:fNFbZHkDXHY4RUM6yutBZlfIzOdO3mhS87NrWOPKV1fXLvcsZ9:fNRZHkDXHYkU6wBkzN3U7NrW7

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
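The C2 URLs and file hashes above are the indicators a responder pivots on first. The following script, added here as an example and not part of the tria.ge report, loads those indicators and checks them against a few Squid-style proxy log lines and an arbitrary byte string; the log lines and the "not the sample" bytes are constructed for illustration, and SSDEEP is left out because Python's standard library has no ssdeep implementation. Matching is done on the C2 host rather than the full URL, since a path like /home.gif is a much weaker indicator than the hostname or IP itself.

```python
"""Match the indicators from this report against constructed proxy-log lines
and file hashes. Added example, not the sandbox's own code; the log lines and
the test bytes are constructed for illustration."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
SAMPLE_HASHES = {
    "md5": "6546fb9ff12b3f68250c56a13fe2f129",
    "sha1": "9f6025ecb1bd145c36204c0cb37d2c8d4429c955",
    "sha256": "7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d",
    "sha512": "32f5a05eea210d88f79b6f049eff56263e34a21c905ec0148ef3a68495704858"
              "ef8b693b4e92274b0cf12e9c7c905d47833f87de00c7383bc2261aceb9384ff0",
}

# Match on host, not full URL: the path can change between infections,
# the hostname/IP is what all four report entries share with real traffic.
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}

# Constructed Squid access-log lines (not real traffic).
SAMPLE_LOG = """\
1697890001.123    120 10.0.0.5 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1697890002.456     80 10.0.0.7 TCP_MISS/200 4096 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1697890003.789    200 10.0.0.5 TCP_MISS/404 300 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
"""

# Squid native format: timestamp elapsed client code/status bytes method URL ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def find_c2_contacts(log_text):
    """Return (client_ip, host) for every line whose URL host is a report C2."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host = urlparse(m.group("url")).hostname
        if host in C2_HOSTS:
            hits.append((m.group("client"), host))
    return hits


def hash_matches(data):
    """Return the algorithms whose digest of `data` equals the report's hash."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return sorted(alg for alg, h in digests.items() if SAMPLE_HASHES[alg] == h)


if __name__ == "__main__":
    print(find_c2_contacts(SAMPLE_LOG))
    # Constructed bytes that are not the sample: no algorithm matches.
    print(hash_matches(b"not the sample"))
```

Point `find_c2_contacts` at a real proxy or DNS log and `hash_matches` at files pulled from a suspect host; a hit on any one algorithm is enough, since all four digests come from the same file.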

Targets

    • Target

      7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is best known as a polymorphic file infector that patches other executables on the host and joins a peer-to-peer botnet, so one detected binary should be treated as a sign that other executables on the system may be infected as well.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
