General

  • Target

    7c4829300063c5a22db09f463e93ab8b

  • Size

    177KB

  • Sample

    231226-ttn3bscab6

  • MD5

    7c4829300063c5a22db09f463e93ab8b

  • SHA1

    0710e5561af076b041420f691e970987a7812f2c

  • SHA256

    6aebb1315f0b543b83bff51a2e87049a59015c8bb69eff5a8ed0133d554070a0

  • SHA512

    8255d9921ef146a42bdc1b1ea5ee18557312b4f38f3554b7fe6441f2bd47cf9932b97312e5342548ca6fbf0e5ce531ba5b77d6fd1caea843e8499c88aff1314e

  • SSDEEP

    3072:PchRJgXkQbQJWB1+VK774VHRoJ00s4mVKi5QJszehcDdj5WYEgZpe:PchRJ60074FRoJkKi5Qlhcp8gy

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
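
The C2 list above is the part of this report most worth turning into a hunt. The following Python is an added example, not part of the tria.ge report and not code from the sample: it splits the four extracted URLs into host indicators (one IP, three domains) and sweeps them over proxy log lines. The log format and every log line below are constructed for the example; only the four URLs come from the report. Nothing is resolved or contacted.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The four C2 URLs extracted from the sample, as listed in the report.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def build_indicators(urls):
    """Split each C2 URL into host, path and host type ("ip" or "domain")."""
    indicators = []
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname.lower()
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "domain"
        indicators.append({"url": url, "host": host, "path": parts.path, "kind": kind})
    return indicators


def hunt_hosts(indicators):
    """Sorted, de-duplicated host list suitable for a proxy or DNS block list."""
    return sorted({ind["host"] for ind in indicators})


# Constructed log format (an assumption for this example, not a real product's):
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines, indicators):
    """Return (line_no, client_ip, host, match_type) for each line touching a C2 host.

    match_type is "url" when the path matches the extracted C2 URL exactly and
    "host" when only the host matches; a host-only hit still shows the client
    reached the same infrastructure and deserves a look."""
    by_host = {ind["host"]: ind for ind in indicators}
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the sweep
        _ts, client, _method, url, _status = m.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # hostname lower-cases for us
        ind = by_host.get(host)
        if ind is None:
            continue
        match_type = "url" if parts.path == ind["path"] else "host"
        hits.append((n, client, host, match_type))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2023-12-26T10:00:01Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2023-12-26T10:00:07Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 404",
    "2023-12-26T10:00:09Z 10.0.0.8 GET http://89.119.67.154/testo5/ 200",
    "2023-12-26T10:00:12Z 10.0.0.8 GET http://KUKUTRUSTNET888.INFO/other.php 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    inds = build_indicators(C2_URLS)
    print("block list:", hunt_hosts(inds))
    for hit in scan_proxy_log(SAMPLE_LOG, inds):
        print("hit:", hit)
```

Matching is done on the host rather than the full URL on purpose: a 404 for home.gif, or a different path on the same host, still means a client spoke to the listed infrastructure, which is the signal an analyst wants from this config.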

Targets

    • Target

      7c4829300063c5a22db09f463e93ab8b

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Windows security modification

    • Checks whether UAC is enabled
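
Three of the signatures above (RegEdit disabled, Task Manager disabled, UAC checked) describe registry state an analyst can verify on a suspect host. The report does not say which registry values its signatures key on, so the following Python, an added example rather than tria.ge or sample code, checks the documented Windows policy values for those controls (DisableRegistryTools and DisableTaskMgr under ...\Policies\System in either hive, EnableLUA under the HKLM policy key) in a .reg export. The .reg text below is constructed for the example; treating these values as the ones the sample touched is an assumption.

```python
import re

KEY_LINE = re.compile(r"^\[(.+)\]$")
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_dwords(text):
    """Map (key path, value name), both lower-cased, to the integer value of
    every REG_DWORD in a .reg export. Other value types are ignored."""
    values = {}
    current = None
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()  # reg export may begin with a BOM
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = DWORD_LINE.match(line)
        if m and current is not None:
            values[(current, m.group(1).lower())] = int(m.group(2), 16)
    return values


# Documented policy key for these controls (same relative path under HKCU and
# HKLM); compared lower-cased.
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"

# (value name, required hive prefix or None for either hive, "tampered" predicate, description)
CHECKS = [
    ("disabletaskmgr", None, lambda v: v != 0,
     "Task Manager disabled (DisableTaskMgr set)"),
    ("disableregistrytools", None, lambda v: v != 0,
     "Registry Editor disabled (DisableRegistryTools set)"),
    ("enablelua", "hkey_local_machine", lambda v: v == 0,
     "UAC disabled (EnableLUA=0)"),
]


def find_tampering(values):
    """Return (key, value name, dword, description) for each policy value that
    matches the behaviours listed in the report."""
    findings = []
    for (key, name), val in sorted(values.items()):
        if not key.endswith(POLICY_SUFFIX):
            continue  # same value name under an unrelated key is not a policy
        for want, hive, tampered, text in CHECKS:
            if name == want and (hive is None or key.startswith(hive)) and tampered(val):
                findings.append((key, name, val, text))
    return findings


# Constructed .reg export (not taken from the sample or the report).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_CURRENT_USER\Software\Example\Settings]
"DisableTaskMgr"=dword:00000001
"Name"="not a dword"
"""

if __name__ == "__main__":
    for key, name, val, text in find_tampering(parse_reg_dwords(SAMPLE_REG)):
        print(f"{text}: {key}\\{name} = {val}")
```

On a real host, `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System out.reg` (and the HKCU equivalent) writes a UTF-16LE file, so read it with `open(path, encoding="utf-16")` before passing the text in. The key-suffix filter matters: the same value name under an arbitrary application key, as in the last block of the sample, has no policy effect and is deliberately not reported.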

MITRE ATT&CK Enterprise v15

Tasks