Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

  • Size

    2.2MB

  • Sample

    231021-kstrrafb86

  • MD5

    6546fb9ff12b3f68250c56a13fe2f129

  • SHA1

    9f6025ecb1bd145c36204c0cb37d2c8d4429c955

  • SHA256

    7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

  • SHA512

    32f5a05eea210d88f79b6f049eff56263e34a21c905ec0148ef3a68495704858ef8b693b4e92274b0cf12e9c7c905d47833f87de00c7383bc2261aceb9384ff0

  • SSDEEP

    49152:fNFbZHkDXHY4RUM6yutBZlfIzOdO3mhS87NrWOPKV1fXLvcsZ9:fNRZHkDXHYkU6wBkzN3U7NrW7

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

    • Size

      2.2MB

    • MD5

      6546fb9ff12b3f68250c56a13fe2f129

    • SHA1

      9f6025ecb1bd145c36204c0cb37d2c8d4429c955

    • SHA256

      7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d

    • SHA512

      32f5a05eea210d88f79b6f049eff56263e34a21c905ec0148ef3a68495704858ef8b693b4e92274b0cf12e9c7c905d47833f87de00c7383bc2261aceb9384ff0

    • SSDEEP

      49152:fNFbZHkDXHY4RUM6yutBZlfIzOdO3mhS87NrWOPKV1fXLvcsZ9:fNRZHkDXHYkU6wBkzN3U7NrW7

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.