Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.497c703002250e05da75df461c3abe10_JC.exe

  • Size

    120KB

  • Sample

    231104-zh7cesgg84

  • MD5

    497c703002250e05da75df461c3abe10

  • SHA1

    970cc6a10c30f287fbea64f3ef43a3f434dbd5d6

  • SHA256

    2848230b3fee8839522d26325c2ab483dccc673abcd54ed26034dcafad42b35b

  • SHA512

    58838b8676c97b71178cd85d4f34a0b663544839dea615f049837fa31c652ed998a8206f2e1eb9a49caa5d72ab3ee18ecaca8ca9295a357c5231773f645078ce

  • SSDEEP

    1536:+afsUrDdlnvTbabOyTnaGEvr1CQQ5+ZZCNHsoI0Ls1j0H7XgzOoASDSdRYP:+kndln2FTaLRJc+v0qos4H7Xgfh

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      NEAS.497c703002250e05da75df461c3abe10_JC.exe

    • Size

      120KB

    • MD5

      497c703002250e05da75df461c3abe10

    • SHA1

      970cc6a10c30f287fbea64f3ef43a3f434dbd5d6

    • SHA256

      2848230b3fee8839522d26325c2ab483dccc673abcd54ed26034dcafad42b35b

    • SHA512

      58838b8676c97b71178cd85d4f34a0b663544839dea615f049837fa31c652ed998a8206f2e1eb9a49caa5d72ab3ee18ecaca8ca9295a357c5231773f645078ce

    • SSDEEP

      1536:+afsUrDdlnvTbabOyTnaGEvr1CQQ5+ZZCNHsoI0Ls1j0H7XgzOoASDSdRYP:+kndln2FTaLRJc+v0qos4H7Xgfh

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks