Overview

overview

10

Static

static

d56b387456...c5.exe

windows7-x64

3

d56b387456...c5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d56b38745664a799c5c2313bb3bbd2644881b3037b451629c749ff6948bf47c5

  • Size

    588KB

  • Sample

    221002-3m5k6sffa5

  • MD5

    51c204c9336625d7332fab8cd3349cd2

  • SHA1

    74a01ccd0353ce445c32bfd3c43b0ef54410fb8f

  • SHA256

    d56b38745664a799c5c2313bb3bbd2644881b3037b451629c749ff6948bf47c5

  • SHA512

    387b48362ddf4535782e9e1d5b8b6a7113ab67952bc2b1c4e5e2333e69208f46c73591ba47f66a30836c3f70b58d9cc79353769092761d5eef8aba2bb280cbe3

  • SSDEEP

    12288:qvN0f0Q8//b3IVPW3vjKWpe5z4LeDuUl8eDuUl7cl89jL/:eN0f0Q5PUjrpe58LRO1D

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      d56b38745664a799c5c2313bb3bbd2644881b3037b451629c749ff6948bf47c5

    • Size

      588KB

    • MD5

      51c204c9336625d7332fab8cd3349cd2

    • SHA1

      74a01ccd0353ce445c32bfd3c43b0ef54410fb8f

    • SHA256

      d56b38745664a799c5c2313bb3bbd2644881b3037b451629c749ff6948bf47c5

    • SHA512

      387b48362ddf4535782e9e1d5b8b6a7113ab67952bc2b1c4e5e2333e69208f46c73591ba47f66a30836c3f70b58d9cc79353769092761d5eef8aba2bb280cbe3

    • SSDEEP

      12288:qvN0f0Q8//b3IVPW3vjKWpe5z4LeDuUl8eDuUl7cl89jL/:eN0f0Q5PUjrpe58LRO1D

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks