General
-
Target
Digital_Keylogger_v3.3.zip
-
Size
459KB
-
Sample
240825-gfalkayhqk
-
MD5
9931b479c4844c7a13a67111488a816b
-
SHA1
0fe00913d14238681b4757766591ac55be0f829c
-
SHA256
f17f5d86e6b89099a684337a1616c17f3ab5aba62e6db125d0fff62e8afefb73
-
SHA512
32f9561374cc677168bf9fcb03ad1206b0533c247cce75cbc46eab6e6e83fac5ff4ba5125e26db64abe3b48c7bef83102dd40fcc5ffe71633bb9df9a575a205d
-
SSDEEP
12288:+QCi/XJo/9kZEId9q867GJIhFj4R/VVEQNs5QGVKg+ADaTI:dCi/XJQoqG2hFj4HVEQNQQGVnII
Static task
static1
Malware Config
Extracted
sality
Targets
-
-
Target
Digital_Keylogger_v3.3.exe
-
Size
788KB
-
MD5
1946f371b3798d06da6e05659ca5ee4a
-
SHA1
39ab80902f0ad7a5358dbf82392e8a0bf9bf0bc9
-
SHA256
a12f45971bc5aa4c0a3429c6a13ed66c9d030c2a44a208ebbf9accc11e9f7221
-
SHA512
d1cef03f3a6109618aebc663628145246399a3d7896e38ee0afb15d3c1e4075d201300e39a26d9f776e61205c40a7d2e4ffa3e56145e9b32be4738a498535a08
-
SSDEEP
12288:VBjYdb/8zm6oQSPEqmIFBwhN3VEkNw5MG5KVoS/CAoaT9:L0db/8zm6oQSPE/IFBwjVEkNkMG5hI9
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)