Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
989a0c74d747dcc1c1e298dd4ba429c2
-
Size
216KB
-
Sample
240213-f89qpafd2y
-
MD5
989a0c74d747dcc1c1e298dd4ba429c2
-
SHA1
bf231599224e3596270434dd0ce523c02c76749d
-
SHA256
78d5fe8823786c7fb42d65325902d83de6a5ea398d40663a191003ca681cb9be
-
SHA512
c45696df4ff01b4dfbc7ee7f8b38f3166b002e5b4e7dd65c9cbbb803fcc70446675754209af57ca110c7bfc9bbdef63cb4d1280ddd3811e0bc9fbfb2edccc388
-
SSDEEP
3072:V0YgJes6iO6yxyvZcMO/6T4nIB5BAZllLMcEY0IuSNTKCrw7:V256v3AZcR/6TkINwlJM3IVhKgw7
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
989a0c74d747dcc1c1e298dd4ba429c2
-
Size
216KB
-
MD5
989a0c74d747dcc1c1e298dd4ba429c2
-
SHA1
bf231599224e3596270434dd0ce523c02c76749d
-
SHA256
78d5fe8823786c7fb42d65325902d83de6a5ea398d40663a191003ca681cb9be
-
SHA512
c45696df4ff01b4dfbc7ee7f8b38f3166b002e5b4e7dd65c9cbbb803fcc70446675754209af57ca110c7bfc9bbdef63cb4d1280ddd3811e0bc9fbfb2edccc388
-
SSDEEP
3072:V0YgJes6iO6yxyvZcMO/6T4nIB5BAZllLMcEY0IuSNTKCrw7:V256v3AZcR/6TkINwlJM3IVhKgw7
Score10/10-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1