Overview

overview

10

Static

static

926b31de3b...bf.exe

windows7_x64

10

926b31de3b...bf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    926b31de3b1b605272a70e7e2c21bf746eb8dad96c67beb27c0b43739b6894bf

  • Size

    150KB

  • Sample

    220605-wqy48sgefp

  • MD5

    9366cc02735c7d11ccccc4eaca9bb64d

  • SHA1

    da9a2109d364b9f96d4f7c7f9de50e71848e5217

  • SHA256

    926b31de3b1b605272a70e7e2c21bf746eb8dad96c67beb27c0b43739b6894bf

  • SHA512

    87bfac74771c172d40e56e3c89cb7e67042919b88c4463d2127d1eac629ded18af5750475d7d490f1f2d93da87c9a39fa3df0b594856f4fe3b66e198d4a0d02e

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      926b31de3b1b605272a70e7e2c21bf746eb8dad96c67beb27c0b43739b6894bf

    • Size

      150KB

    • MD5

      9366cc02735c7d11ccccc4eaca9bb64d

    • SHA1

      da9a2109d364b9f96d4f7c7f9de50e71848e5217

    • SHA256

      926b31de3b1b605272a70e7e2c21bf746eb8dad96c67beb27c0b43739b6894bf

    • SHA512

      87bfac74771c172d40e56e3c89cb7e67042919b88c4463d2127d1eac629ded18af5750475d7d490f1f2d93da87c9a39fa3df0b594856f4fe3b66e198d4a0d02e

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks