Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
52e68e017378cbe56bcb5441b5317a2f354a267845297863645cdcd3dfa3f256
-
Size
452KB
-
Sample
241003-gxqdcaycqm
-
MD5
2211b4ce6e4c907d6fd2cc2835ed1fb1
-
SHA1
8c942f139a93b065e6e325743d6927bb1208d950
-
SHA256
52e68e017378cbe56bcb5441b5317a2f354a267845297863645cdcd3dfa3f256
-
SHA512
1831e37a738e83c64cfdac2bfe8e5e7f9655c8e8503b6fe652a075ff472a958ef3d2f628254286e9a9b466d3b7107ac99fd9f821409b5f06cebceebbe6e90a9b
-
SSDEEP
12288:KW710ihv4c1/2DgDMxvukwQKqDQQQQQQQQQAdddddddddWHrM4vAK8O:KW710itT1zIxoqDQQQQQQQQQAddddddc
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
52e68e017378cbe56bcb5441b5317a2f354a267845297863645cdcd3dfa3f256
-
Size
452KB
-
MD5
2211b4ce6e4c907d6fd2cc2835ed1fb1
-
SHA1
8c942f139a93b065e6e325743d6927bb1208d950
-
SHA256
52e68e017378cbe56bcb5441b5317a2f354a267845297863645cdcd3dfa3f256
-
SHA512
1831e37a738e83c64cfdac2bfe8e5e7f9655c8e8503b6fe652a075ff472a958ef3d2f628254286e9a9b466d3b7107ac99fd9f821409b5f06cebceebbe6e90a9b
-
SSDEEP
12288:KW710ihv4c1/2DgDMxvukwQKqDQQQQQQQQQAdddddddddWHrM4vAK8O:KW710itT1zIxoqDQQQQQQQQQAddddddc
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5