Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
472b9ae70417addfa36684f9b3970d11ec745428c87d8245269e1f4b18d56475
-
Size
745KB
-
Sample
231114-3pqvssgf79
-
MD5
ea6e3b4603162ac27dc4e6a5692e1eb4
-
SHA1
a43d07f75343a7db48291a39c03c680236973fae
-
SHA256
472b9ae70417addfa36684f9b3970d11ec745428c87d8245269e1f4b18d56475
-
SHA512
e4b557e9df48ad48e576381f355fbf01dfed0ba9fe2fcd1fffa5166dfbf5683ccd00e0cd3b80cd6856b3ed1002b06e43582f093e124389dded8d461f54962a00
-
SSDEEP
12288:BR/EXGkkK4M56qdiZnZZKwFvkesFLliJfKDhW7+iFnUzqn6m5TsK1MGsmyarxh9b:7/EXlytZgwFsesFxYSDOFnUz+6m5Tn1N
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
472b9ae70417addfa36684f9b3970d11ec745428c87d8245269e1f4b18d56475
-
Size
745KB
-
MD5
ea6e3b4603162ac27dc4e6a5692e1eb4
-
SHA1
a43d07f75343a7db48291a39c03c680236973fae
-
SHA256
472b9ae70417addfa36684f9b3970d11ec745428c87d8245269e1f4b18d56475
-
SHA512
e4b557e9df48ad48e576381f355fbf01dfed0ba9fe2fcd1fffa5166dfbf5683ccd00e0cd3b80cd6856b3ed1002b06e43582f093e124389dded8d461f54962a00
-
SSDEEP
12288:BR/EXGkkK4M56qdiZnZZKwFvkesFLliJfKDhW7+iFnUzqn6m5TsK1MGsmyarxh9b:7/EXlytZgwFsesFxYSDOFnUz+6m5Tn1N
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1