Overview

overview

10

Static

static

virussign.exe

windows7-x64

1

virussign.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    virussign.com_d9a58a2184595b99be56fb3534888830

  • Size

    116KB

  • Sample

    220715-v27ebadbd8

  • MD5

    d9a58a2184595b99be56fb3534888830

  • SHA1

    07f1eab666bec957bab92f4f99def1ef10a43950

  • SHA256

    e9d29e5a49be87aea8bd11f52e65d51c5614374cbbc5bd28a602157769d631b7

  • SHA512

    77869f849bb2a45b01b7f41d3d76139b1cf0bb433cdf2ab8b427d236c66b8b237083127c01a46154ef96358740615676e8c72abdfcfe0a35986a7dcbc465009c

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      virussign.com_d9a58a2184595b99be56fb3534888830

    • Size

      116KB

    • MD5

      d9a58a2184595b99be56fb3534888830

    • SHA1

      07f1eab666bec957bab92f4f99def1ef10a43950

    • SHA256

      e9d29e5a49be87aea8bd11f52e65d51c5614374cbbc5bd28a602157769d631b7

    • SHA512

      77869f849bb2a45b01b7f41d3d76139b1cf0bb433cdf2ab8b427d236c66b8b237083127c01a46154ef96358740615676e8c72abdfcfe0a35986a7dcbc465009c

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

3
T1089

Modify Registry

5
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks