Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64

  • Size

    120KB

  • Sample

    240417-xrwk6scd7y

  • MD5

    fae4109c2a414b671e19b09376482c0f

  • SHA1

    d46cd75921119564cfac62076128dcbd5a7e30d9

  • SHA256

    1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64

  • SHA512

    72ce4265444059c5f2283e4349b0f098168009f2ed05a578e8216c5159b3771fb71f699b760ffc4edfd81a676fcc1d915febfaae22601a35a119bcea41b2aec1

  • SSDEEP

    1536:27AKQiz7CFo0jg8NRXDccz8bEkCBXsreeXIZNSQgy6PM1:2UKQiUo0jxwskCB8rn8Hvc0

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64

    • Size

      120KB

    • MD5

      fae4109c2a414b671e19b09376482c0f

    • SHA1

      d46cd75921119564cfac62076128dcbd5a7e30d9

    • SHA256

      1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64

    • SHA512

      72ce4265444059c5f2283e4349b0f098168009f2ed05a578e8216c5159b3771fb71f699b760ffc4edfd81a676fcc1d915febfaae22601a35a119bcea41b2aec1

    • SSDEEP

      1536:27AKQiz7CFo0jg8NRXDccz8bEkCBXsreeXIZNSQgy6PM1:2UKQiUo0jxwskCB8rn8Hvc0

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks