General

  • Target

    2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid

  • Size

    4.0MB

  • Sample

    240416-vzhm6sga58

  • MD5

    d5bfe20d5faf0e1fd21352cd5c301705

  • SHA1

    f70675c9e3449931763e02473859e81f5dfa42a4

  • SHA256

    990c0d4c483f48ab674323f2af077520ec1e2d572eff6aa6cf683788fda462d4

  • SHA512

    ffd08c9027134f5cd3f025a283a76b812ae4f9079d77e563a21cb3338a4b19a18a9e92b9d0b198852962fa5eb648a081eb01c3205acb8c1e6e363d07aead7aa8

  • SSDEEP

    12288:p1V5z4orgIEI2Q/Q1PoZx+BC+ZbXIrW0iI:pJzLEIR3H+uW0iI

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid

    • Size

      4.0MB

    • MD5

      d5bfe20d5faf0e1fd21352cd5c301705

    • SHA1

      f70675c9e3449931763e02473859e81f5dfa42a4

    • SHA256

      990c0d4c483f48ab674323f2af077520ec1e2d572eff6aa6cf683788fda462d4

    • SHA512

      ffd08c9027134f5cd3f025a283a76b812ae4f9079d77e563a21cb3338a4b19a18a9e92b9d0b198852962fa5eb648a081eb01c3205acb8c1e6e363d07aead7aa8

    • SSDEEP

      12288:p1V5z4orgIEI2Q/Q1PoZx+BC+ZbXIrW0iI:pJzLEIR3H+uW0iI

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • Detects executables packed with VMProtect.

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks