metasploit | 028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908 | Triage

Submit
Reports

Overview

overview

Static

static

028693ded0...08.exe

windows7_x64

028693ded0...08.exe

windows10-2004_x64

Sharing

General

Target

028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908
Size

126KB
Sample

220528-en8gfscdem
MD5

777be51c882ac8b00427dd4a8a176572
SHA1

f829eed157893d16a243cda99b1b8a138805e143
SHA256

028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908
SHA512

6a5c6f29f10501903e424a2392832423007ad4ed3fad2c6d5dc43646e8b6abf74dcb7f514e6894ca9809a2ae8c6f129f3e838342afc8fce20edb915397ef2604

Score

10^/10

metasploit sality backdoor evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908.exe

Resource

win7-20220414-en

metasploit sality backdoor evasion trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908.exe

Resource

win10v2004-20220414-en

metasploit sality backdoor evasion trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908
- Size
  
  126KB
- MD5
  
  777be51c882ac8b00427dd4a8a176572
- SHA1
  
  f829eed157893d16a243cda99b1b8a138805e143
- SHA256
  
  028693ded0839fd9d2b58441cdf1ec16c65edb7848b148f67c9c327fd9f56908
- SHA512
  
  6a5c6f29f10501903e424a2392832423007ad4ed3fad2c6d5dc43646e8b6abf74dcb7f514e6894ca9809a2ae8c6f129f3e838342afc8fce20edb915397ef2604
Score

10^/10

metasploit sality backdoor evasion trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitsalitybackdoorevasiontrojanupx

behavioral2

metasploitsalitybackdoorevasiontrojanupx

© 2018-2024

Terms | Privacy