
General

  • Target

    NEAS.7444ca9be507f7fa198023822cc1a620_JC.exe

  • Size

    120KB

  • Sample

    231022-syy8esac8x

  • MD5

    7444ca9be507f7fa198023822cc1a620

  • SHA1

    7ed05d2244091f15b793b28a9e646f3baf0e86df

  • SHA256

    edf6405fadb1f3931a8119f5cfdad3f89f023898837345bf546d815b36be7d62

  • SHA512

    0bee40b8c8ee3d3cfad93dccdadd3d40cf9ac05c5289ab14e3687c6239721b68fbbaa763f0af140e183c30932c33371c54d8978501d57d3b6479ed98fa0ac1c7

  • SSDEEP

    3072:zyil/H99lEtGCp0m5kJ8OMFiFY5Cy6/fz:eitHDytl0sINfZyo

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
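The hashes and C2 URLs above are the indicators a responder would sweep for. The following is an added example, not part of the tria.ge report: it copies those indicators verbatim, hashes a file against the four listed digests (SSDEEP is left out because it needs the non-standard ssdeep library), and matches the C2 hosts against proxy log lines. The log format (timestamp, client, method, URL, status) and the log lines themselves are constructed for the demonstration, and the hits in them are fabricated, not real traffic.

```python
"""IOC sweep for the Sality report above: hash a file against the listed
digests and look for the listed C2 hosts in proxy-style log lines."""
import hashlib
from urllib.parse import urlparse

# Indicators copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "7444ca9be507f7fa198023822cc1a620",
    "sha1": "7ed05d2244091f15b793b28a9e646f3baf0e86df",
    "sha256": "edf6405fadb1f3931a8119f5cfdad3f89f023898837345bf546d815b36be7d62",
    "sha512": "0bee40b8c8ee3d3cfad93dccdadd3d40cf9ac05c5289ab14e3687c6239721b68"
              "fbbaa763f0af140e183c30932c33371c54d8978501d57d3b6479ed98fa0ac1c7",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log in a hypothetical format: timestamp client method url status.
# The C2 contacts below are fabricated for the demonstration; none of this is real traffic.
PROXY_LOG = """\
2023-10-22T10:01:05Z 10.0.0.15 GET http://example.com/index.html 200
2023-10-22T10:02:11Z 10.0.0.23 GET http://kukutrustnet777.info/home.gif 404
2023-10-22T10:02:12Z 10.0.0.23 GET http://89.119.67.154/testo5/ 200
2023-10-22T10:03:40Z 10.0.0.42 GET http://KUKUTRUSTNET987.INFO:80/home.gif 200
2023-10-22T10:04:01Z 10.0.0.42 GET http://kukutrustnet777.info.example.org/x 200
malformed line without enough fields
"""


def file_hashes(data):
    """Return the same four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data):
    """True only if every digest matches; one mismatch means a different file."""
    return file_hashes(data) == SAMPLE_HASHES


def c2_hosts(urls):
    """Host part of each C2 URL, lower-cased; ports and paths are dropped."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname   # .hostname strips the port and lower-cases
        if host:
            hosts.add(host)
    return hosts


def scan_proxy_log(lines, hosts):
    """Return (timestamp, client, host) for requests whose host is exactly a C2 host.

    Exact host match, not substring: kukutrustnet777.info.example.org must not hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue                    # skip malformed lines instead of crashing
        ts, client, _method, url, _status = parts
        host = urlparse(url).hostname
        if host and host in hosts:
            hits.append((ts, client, host))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG.splitlines(), c2_hosts(C2_URLS)):
        print("C2 contact:", *hit)
```

Matching on the parsed hostname rather than a substring of the URL avoids both the case trap (the fourth log line uses upper case and an explicit port) and the false positive on a longer domain that merely contains a C2 name; the IP-based C2 is handled the same way because `urlparse` returns the literal address as the hostname.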

Targets

    • Target

      NEAS.7444ca9be507f7fa198023822cc1a620_JC.exe


    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003; it is also a polymorphic file infector that enrols infected hosts in a peer-to-peer botnet.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
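The "UPX packed file" signature above is a static check on the PE headers. The following is an added example, not tria.ge's detector or any code from the sample: it walks the DOS header, COFF header and section table and flags the stock UPX section names (UPX0, UPX1) or the "UPX!" marker. The `build_fake_pe` helper constructs a headers-only PE image as test input; it is not a real binary and the section layout it produces is only what the parser needs.

```python
"""Section-table check behind the "UPX packed file" signature above: parse the
PE headers and look for UPX's default section names and its "UPX!" marker."""
import struct
import sys

UPX_SECTION_PREFIX = b"UPX"      # stock UPX names its sections UPX0, UPX1, UPX2
UPX_MARKER = b"UPX!"             # stock UPX writes this tag after the headers


def pe_section_names(data):
    """Return the raw section names of a PE file, read from the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)     # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # section table follows the optional header
    names = []
    for i in range(num_sections):
        entry = data[table + i * 40: table + i * 40 + 8]  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if len(entry) < 8:
            raise ValueError("truncated section table")
        names.append(entry.rstrip(b"\0"))
    return names


def looks_upx_packed(data):
    """Heuristic: stock UPX section names or the UPX! marker anywhere in the file.

    A modified UPX build that renames sections and strips the marker evades
    this, which is why the signature above covers UPX and modified UPX
    separately; treat a negative result as weak evidence only."""
    names = pe_section_names(data)
    return any(n.startswith(UPX_SECTION_PREFIX) for n in names) or UPX_MARKER in data


def build_fake_pe(section_names):
    """Constructed headers-only PE image used as test input; not a real executable."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)                # 64-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: PE header right after it
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 optional header, 224 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", [n.decode("ascii", "replace") for n in pe_section_names(blob)])
    print("UPX heuristic:", looks_upx_packed(blob))
```

Run it with a file path to check a real PE, or with no argument to see it run against the constructed image. Because section names are trivial to rename, a packer check like this belongs beside entropy and import-table checks rather than on its own.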

MITRE ATT&CK Enterprise v15

Tasks