Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
44f7fcbb23a534ddbe15362f240a2a4c97482a322c0bb738f00e0db2ae7ece17
-
Size
2.3MB
-
Sample
240418-kclq7shc8y
-
MD5
1e69bd9cbcafe69895d78cba2c3fb6ce
-
SHA1
ffc75555311caddc93c1704dbe7703c8eac78598
-
SHA256
44f7fcbb23a534ddbe15362f240a2a4c97482a322c0bb738f00e0db2ae7ece17
-
SHA512
ba60ae2b82fe5ec90e08911f38be502e1bed682eace2393d023cf463177d8c4ffb8def35af32c2a17d96bc3f7257717b910dca8adddfa41da0ef14d9e14f8b42
-
SSDEEP
49152:YvggggMWMb0aDsQ1FTw5GbFp0whdZSjYKP/hVY7kXE7o:Y+b0aDfssbFpbUYghL
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
44f7fcbb23a534ddbe15362f240a2a4c97482a322c0bb738f00e0db2ae7ece17
-
Size
2.3MB
-
MD5
1e69bd9cbcafe69895d78cba2c3fb6ce
-
SHA1
ffc75555311caddc93c1704dbe7703c8eac78598
-
SHA256
44f7fcbb23a534ddbe15362f240a2a4c97482a322c0bb738f00e0db2ae7ece17
-
SHA512
ba60ae2b82fe5ec90e08911f38be502e1bed682eace2393d023cf463177d8c4ffb8def35af32c2a17d96bc3f7257717b910dca8adddfa41da0ef14d9e14f8b42
-
SSDEEP
49152:YvggggMWMb0aDsQ1FTw5GbFp0whdZSjYKP/hVY7kXE7o:Y+b0aDfssbFpbUYghL
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1