General

  • Target: NEAS.0497b6e84f1cdc1067430a04f847bd90.exe
  • Size: 83KB
  • Sample: 231106-c39xqahf76
  • MD5: 0497b6e84f1cdc1067430a04f847bd90
  • SHA1: a1a6ee6cbaab2cd181b0cba61888aca754496e83
  • SHA256: eee49866dd5e903ea4bb14d303fd7f704088e357c3154218e5c1e0710940cb36
  • SHA512: dac28c3482bf2dfa7d668b4f3f1bae88de22ef32cc1cabc1885939c2c5f600621c7c10f018ded58bed6413f1bde4e4411a1308d9840fdbb6eb1b8d5e07b86f59
  • SSDEEP: 1536:wqy2iEjQxeWNg+m2Mz5+qlteRbf4SGABBIXOAAha7ke/3o:wCjQxeUgFltsbfPnpZtd

Malware Config

Extracted

  • Family: sality
  • C2:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
    http://www.klkjwre9fqwieluoi.info/
    http://kukutrustnet777888.info/

Targets

    • Target: NEAS.0497b6e84f1cdc1067430a04f847bd90.exe (hashes as listed under General)

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Drops file in System32 directory