Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
90414a92f7a26e8b306797e294ea0c29ff63a61e3882ceb654b1996583ec4327
-
Size
174KB
-
Sample
240720-akyevs1dpf
-
MD5
c370c9b411a32b42fb361befbbe2f58b
-
SHA1
3823c66c23db10bc0238a1c0cfceb6a2375b5f7b
-
SHA256
90414a92f7a26e8b306797e294ea0c29ff63a61e3882ceb654b1996583ec4327
-
SHA512
4f880a05d129ab5c4d5677c9e4216d8743684a4a0d571356d78999b7e2826a9bbf85a1d689ba82d34a2a421d0b0a87bb4445bd53a8de2276b60d546dd625bc87
-
SSDEEP
3072:rPQreMTKVOq8R9MOF2lozi6K0Hbe0kcWqma5mPFeI8nll/iOTuoC9wVGKXk6S/9U:rPnMCkmlotP2a5mPF1Ql/pCmd0Vq
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
90414a92f7a26e8b306797e294ea0c29ff63a61e3882ceb654b1996583ec4327
-
Size
174KB
-
MD5
c370c9b411a32b42fb361befbbe2f58b
-
SHA1
3823c66c23db10bc0238a1c0cfceb6a2375b5f7b
-
SHA256
90414a92f7a26e8b306797e294ea0c29ff63a61e3882ceb654b1996583ec4327
-
SHA512
4f880a05d129ab5c4d5677c9e4216d8743684a4a0d571356d78999b7e2826a9bbf85a1d689ba82d34a2a421d0b0a87bb4445bd53a8de2276b60d546dd625bc87
-
SSDEEP
3072:rPQreMTKVOq8R9MOF2lozi6K0Hbe0kcWqma5mPFeI8nll/iOTuoC9wVGKXk6S/9U:rPnMCkmlotP2a5mPF1Ql/pCmd0Vq
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1