General

  • Target

    3efb9eaea8a30b685b67cb06b56b186582f961dcfb88a0c916a6fa84d35f1041.exe

  • Size

    3.0MB

  • Sample

    240705-gc1nkswdmd

  • MD5

    6faa1ca3bbbe30e5bf38bc5538f04980

  • SHA1

    75e5bb4ed3c2ede0a7227ed4588a014d5ad9f5ec

  • SHA256

    3efb9eaea8a30b685b67cb06b56b186582f961dcfb88a0c916a6fa84d35f1041

  • SHA512

    7d916c68981a4ca1eb5ba15ddadfbbc5e5e546b3e57e384710c5ac6f7f9639a472a73b72088964347896357b0ebccbbfe054c661aac4d9c0ba3321c342b2306f

  • SSDEEP

    49152:kMLeP19bEQBeI0BawEjSghQO+RejCXnTRhApjDRNqAe/l3YvH:9LeP19gQI1BJEjP+RiC3thy4xYP

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

    http://www.klkjwre9fqwieluoi.info/

    http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
