General
Target: d44420c28a018999d8a161a8f5498e045d7ff5df9321801c060fbf2bf9289dd8
Size: 2.1MB
Sample: 240417-nv2f6afb61
MD5: 6f8bf15573ce0f10ffa13e8c3912e395
SHA1: cff1c40a862a3d6569fdde0cc56997af23fc5cf4
SHA256: d44420c28a018999d8a161a8f5498e045d7ff5df9321801c060fbf2bf9289dd8
SHA512: 440019f889364e886e8782a18d0180038719cca32a3dc6906ab0b9f0a0562ca0a0e5f69199e04f4d8deed93a3b1accea06df544e2cf7f4bd31f989dde0823ecb
SSDEEP: 49152:ITCDEbTK/e7kHXC+ArT+vtKRydODm7NrEOPQ6zBa1tGYwLvtn:ITdbu/MkHHgTMoyAm7NrEGaSn
Static task: static1
Behavioral task: behavioral1
Sample: d44420c28a018999d8a161a8f5498e045d7ff5df9321801c060fbf2bf9289dd8.exe
Resource: win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
d44420c28a018999d8a161a8f5498e045d7ff5df9321801c060fbf2bf9289dd8
Modifies firewall policy service

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Create or Modify System Process: 1
  Windows Service: 1