Overview

overview

10

Static

static

8

fed9663bc1...52.exe

windows7-x64

10

fed9663bc1...52.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    fed9663bc195a0ea54dd575b90f26c87e55c4a07b169258bd0bb12fc0a587752

  • Size

    533KB

  • Sample

    221003-af4fbagec3

  • MD5

    00aaa834c1c54bfd6ca8b3b176b3c7c0

  • SHA1

    9efdc2616485eee584edd7f0a662b7b8b4f332c7

  • SHA256

    fed9663bc195a0ea54dd575b90f26c87e55c4a07b169258bd0bb12fc0a587752

  • SHA512

    5c63e2414f3a791accdfd889257ca9b798979c926d0c74e9c2138b4ac8263994470f6ea10b9be7dea63914e2595726d1dfded3452860e506d42b9017ad204ac0

  • SSDEEP

    12288:7tD66Lb15BvvwGY+y4F4AApCwxrw3C1W7Kf21zwk:fbRvvvYKFypCX3AW7G4zw

Score
10/10
salitybackdoorevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      fed9663bc195a0ea54dd575b90f26c87e55c4a07b169258bd0bb12fc0a587752

    • Size

      533KB

    • MD5

      00aaa834c1c54bfd6ca8b3b176b3c7c0

    • SHA1

      9efdc2616485eee584edd7f0a662b7b8b4f332c7

    • SHA256

      fed9663bc195a0ea54dd575b90f26c87e55c4a07b169258bd0bb12fc0a587752

    • SHA512

      5c63e2414f3a791accdfd889257ca9b798979c926d0c74e9c2138b4ac8263994470f6ea10b9be7dea63914e2595726d1dfded3452860e506d42b9017ad204ac0

    • SSDEEP

      12288:7tD66Lb15BvvwGY+y4F4AApCwxrw3C1W7Kf21zwk:fbRvvvYKFypCX3AW7G4zw

    Score
    10/10
    salitybackdoorevasionpersistencetrojanupx

    • Modifies firewall policy service

      evasion

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks