Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315.exe

  • Size

    467KB

  • Sample

    241231-dmz81strgx

  • MD5

    be211fe64e808aa11b41265b9ef44e40

  • SHA1

    bd0066ba72d5ff39aba3989e2a1af6b1feb61001

  • SHA256

    34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315

  • SHA512

    ed4f368b44c91a890f67573b588aebb37d863746273f938837d107c356bc5e4e4c03b903a803ab3fb31f5e52e7e1c49aa7d335386cb40e2e06cc15d327b25f81

  • SSDEEP

    6144:4+rxvPoiHw7sQ65lZvygWnMF6kOr6ZOhm1wdZkRmxVEjPLox2xqBBgGLbSs:Prx3IsQelZvAnbRr6ZGm1wdZkIxYWj/3

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315.exe

    • Size

      467KB

    • MD5

      be211fe64e808aa11b41265b9ef44e40

    • SHA1

      bd0066ba72d5ff39aba3989e2a1af6b1feb61001

    • SHA256

      34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315

    • SHA512

      ed4f368b44c91a890f67573b588aebb37d863746273f938837d107c356bc5e4e4c03b903a803ab3fb31f5e52e7e1c49aa7d335386cb40e2e06cc15d327b25f81

    • SSDEEP

      6144:4+rxvPoiHw7sQ65lZvygWnMF6kOr6ZOhm1wdZkRmxVEjPLox2xqBBgGLbSs:Prx3IsQelZvAnbRr6ZGm1wdZkIxYWj/3

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks