Overview

overview

10

Static

static

8

53a8e47767...37.exe

windows7-x64

10

53a8e47767...37.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53a8e477674b1ed3c7efdf9edac4fbdaf4ff11eda149d0c3fa46bd53ae744037

  • Size

    111KB

  • Sample

    221002-esby2sgde8

  • MD5

    6fef69d4965a5e93ac2a3188fb529c73

  • SHA1

    13f1165099fda78ba6aa13c874d8c30769091fd3

  • SHA256

    53a8e477674b1ed3c7efdf9edac4fbdaf4ff11eda149d0c3fa46bd53ae744037

  • SHA512

    3321ed7db43ec9116a57dcd6de616e52bbba298405fe2f6245b909cafa3b93c2dec8a9405cf4570cb9f8af8002d2441a3961c16ebed6315ee9255ddd2a95287a

  • SSDEEP

    3072:hNa6f10iJ31OM75l5X/TBxbHor/Hgwr8N09+N3B4L:hZ1vJ4Elh/TQr/Aq8N0oc

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      53a8e477674b1ed3c7efdf9edac4fbdaf4ff11eda149d0c3fa46bd53ae744037

    • Size

      111KB

    • MD5

      6fef69d4965a5e93ac2a3188fb529c73

    • SHA1

      13f1165099fda78ba6aa13c874d8c30769091fd3

    • SHA256

      53a8e477674b1ed3c7efdf9edac4fbdaf4ff11eda149d0c3fa46bd53ae744037

    • SHA512

      3321ed7db43ec9116a57dcd6de616e52bbba298405fe2f6245b909cafa3b93c2dec8a9405cf4570cb9f8af8002d2441a3961c16ebed6315ee9255ddd2a95287a

    • SSDEEP

      3072:hNa6f10iJ31OM75l5X/TBxbHor/Hgwr8N09+N3B4L:hZ1vJ4Elh/TQr/Aq8N0oc

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks