
General

  • Target

    06f1db7e2d13b39634d840cdd5fdf8620d7b8055daa0c99b59a35f493e045b56

  • Size

    2.8MB

  • Sample

    240417-m381jaec8x

  • MD5

    f310ba4fb49fc16adcdbf496cf10d0b9

  • SHA1

    da20ab2693953887be2733463dd611fb7a663fb5

  • SHA256

    06f1db7e2d13b39634d840cdd5fdf8620d7b8055daa0c99b59a35f493e045b56

  • SHA512

    6f00d2814f3d0f9f005fe8418c8e0a8984e122a4936afa77b95890d8b0885e9f613df5fc4183eace60492ceb15d4e91e6775e77bebf38c9b7e6e76cb44af60a2

  • SSDEEP

    49152:TXsWHXechxxMKou3Sjd140gihhMP+W70cjib1FZTeAL8z:TlHX5hxxbou6sYjW7LJ

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15
