Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0fb4afabf6d14272463f9bbb1162af40_NeikiAnalytics
-
Size
88KB
-
Sample
240511-r4vlrafa65
-
MD5
0fb4afabf6d14272463f9bbb1162af40
-
SHA1
2ab4ada95ee3dfeb9b342431633068aba3768ba8
-
SHA256
85784b23a02743d8133b23a0b43c1c1d20e51e444a9218a40f3a692d92b1e4f1
-
SHA512
309f0df36cfe096303f66b0d57ae52b4a9d554301cf7530ecee6a430623b280dea02f0050afa4e3a10bfb80d7e878aa188e1427e0909fc98a756a4d545a83e50
-
SSDEEP
1536:uk2djFQmreOoYaDK4/XYsYsAlEr4ium27/WfaWsgT37r9rOlJfG:u1vQSeOoYYXanm2TgsgTv9rOze
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
0fb4afabf6d14272463f9bbb1162af40_NeikiAnalytics
-
Size
88KB
-
MD5
0fb4afabf6d14272463f9bbb1162af40
-
SHA1
2ab4ada95ee3dfeb9b342431633068aba3768ba8
-
SHA256
85784b23a02743d8133b23a0b43c1c1d20e51e444a9218a40f3a692d92b1e4f1
-
SHA512
309f0df36cfe096303f66b0d57ae52b4a9d554301cf7530ecee6a430623b280dea02f0050afa4e3a10bfb80d7e878aa188e1427e0909fc98a756a4d545a83e50
-
SSDEEP
1536:uk2djFQmreOoYaDK4/XYsYsAlEr4ium27/WfaWsgT37r9rOlJfG:u1vQSeOoYYXanm2TgsgTv9rOze
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1