Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d
-
Size
2.2MB
-
Sample
231021-kstrrafb86
-
MD5
6546fb9ff12b3f68250c56a13fe2f129
-
SHA1
9f6025ecb1bd145c36204c0cb37d2c8d4429c955
-
SHA256
7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d
-
SHA512
32f5a05eea210d88f79b6f049eff56263e34a21c905ec0148ef3a68495704858ef8b693b4e92274b0cf12e9c7c905d47833f87de00c7383bc2261aceb9384ff0
-
SSDEEP
49152:fNFbZHkDXHY4RUM6yutBZlfIzOdO3mhS87NrWOPKV1fXLvcsZ9:fNRZHkDXHYkU6wBkzN3U7NrW7
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d
-
Size
2.2MB
-
MD5
6546fb9ff12b3f68250c56a13fe2f129
-
SHA1
9f6025ecb1bd145c36204c0cb37d2c8d4429c955
-
SHA256
7d70c93eb377523db0fd54229947e1907b18e1f2a06b7f403292fd3b3ac36e8d
-
SHA512
32f5a05eea210d88f79b6f049eff56263e34a21c905ec0148ef3a68495704858ef8b693b4e92274b0cf12e9c7c905d47833f87de00c7383bc2261aceb9384ff0
-
SSDEEP
49152:fNFbZHkDXHY4RUM6yutBZlfIzOdO3mhS87NrWOPKV1fXLvcsZ9:fNRZHkDXHYkU6wBkzN3U7NrW7
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1