General

  • Target

    6847ec1da4590509ba00d30e9d210bd203b4dd8e2438a1f7bd02fa2abc3e8b1fN

  • Size

    2.5MB

  • Sample

    241001-wdbs6swdqf

  • MD5

    129949b436ace7eeb834ad25244cef90

  • SHA1

    73614496c3094e3270f203a36b691833b9375fe9

  • SHA256

    6847ec1da4590509ba00d30e9d210bd203b4dd8e2438a1f7bd02fa2abc3e8b1f

  • SHA512

    b81a1f8a14b9f3f3d111398168ff5c3d9695b5a333168ac31541cce6edd411e3ab054548d72abafedad95937f5f7b943c7d28d6b659fe1986c4b4c42a0e2d476

  • SSDEEP

    49152:zkWvcZ16TnM/8yWcvQsIHVdORj4OSyZdkq67I8Cuxw9:zkWEkM/Fvj4OR0s/677xE

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
