Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    242c24be996e827979509c71f8574398c0a373ae1d07e67ef6df2c03c61f4edd

  • Size

    120KB

  • Sample

    240828-yp3gdavemm

  • MD5

    bf6f3505ca59136d08d699dca52ff9af

  • SHA1

    a5774984f78fd1b8320001aa411ab50cee22a742

  • SHA256

    242c24be996e827979509c71f8574398c0a373ae1d07e67ef6df2c03c61f4edd

  • SHA512

    30fdab92c21a08f81ede70eedb91a798db884ec0d5b36dd72e7e35a1ba94cc1dadf4862c95e8ed7974487e0bfc3940492fad8a601094870ef35b4842ca091e16

  • SSDEEP

    1536:zGHBh/EVHy4LDCsixQ0BZ+eADf3atU08WMDBoxGxbFTkXUkmOBgZoaEYFl6l:aT/WDDixQ4boiU08WJ0xxIkaCoaEu

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      242c24be996e827979509c71f8574398c0a373ae1d07e67ef6df2c03c61f4edd

    • Size

      120KB

    • MD5

      bf6f3505ca59136d08d699dca52ff9af

    • SHA1

      a5774984f78fd1b8320001aa411ab50cee22a742

    • SHA256

      242c24be996e827979509c71f8574398c0a373ae1d07e67ef6df2c03c61f4edd

    • SHA512

      30fdab92c21a08f81ede70eedb91a798db884ec0d5b36dd72e7e35a1ba94cc1dadf4862c95e8ed7974487e0bfc3940492fad8a601094870ef35b4842ca091e16

    • SSDEEP

      1536:zGHBh/EVHy4LDCsixQ0BZ+eADf3atU08WMDBoxGxbFTkXUkmOBgZoaEYFl6l:aT/WDDixQ4boiU08WJ0xxIkaCoaEu

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks