General

  • Target: 7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d

  • Size: 120KB

  • Sample: 240418-3n9lhsbd2v

  • MD5: 3385f70bae0b0a65bace68b5f5efa1c1

  • SHA1: d37748dc4a135cb2423f0d26a3b830281a30e1ea

  • SHA256: 7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d

  • SHA512: 4bf6ad9c90103404d2d8a51cc665c6e4d2cf571c3f928ac9ae43d22d20e3427d367dd9c574f8eceac5477a2edcaae50d9d3af1aae8bf87749a4733c871c021d6

  • SSDEEP: 1536:mxJp5PC/nSFBbKmuPRA9zqaw+rKfnFH953Vw9qsni7XeBMQKwIlN:mZ5/HbKpPkOaw+oFHvFafiMMzwoN

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
