Overview

overview

10

Static

static

8

b11fcb34cd...6b.exe

windows7-x64

10

b11fcb34cd...6b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b11fcb34cd8188d791893c7b83bdd23858ab7a3499374a1b898b838781dc946b

  • Size

    158KB

  • Sample

    221003-ehtq4sgdhm

  • MD5

    60fe02784d6c0fb54306dea15e1eb980

  • SHA1

    ab942bb6e3f103f73bbcf886b0769847d8a1bf61

  • SHA256

    b11fcb34cd8188d791893c7b83bdd23858ab7a3499374a1b898b838781dc946b

  • SHA512

    4efc7594e061fb623029a8b63cb97c99d7c2162b63c49e4ec64c4b8c2588044d8766215ab0339404cf9326294820a9ecba0ff86b608c2b5a325a651f13f3cf72

  • SSDEEP

    3072:lJR0uD7I+HrypUZa4l/pqWWQVxBCZq58GwrsXx4Mx:lJyuXI+8UZamlj581Ih4Mx

Score
10/10
metasploitsalitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      b11fcb34cd8188d791893c7b83bdd23858ab7a3499374a1b898b838781dc946b

    • Size

      158KB

    • MD5

      60fe02784d6c0fb54306dea15e1eb980

    • SHA1

      ab942bb6e3f103f73bbcf886b0769847d8a1bf61

    • SHA256

      b11fcb34cd8188d791893c7b83bdd23858ab7a3499374a1b898b838781dc946b

    • SHA512

      4efc7594e061fb623029a8b63cb97c99d7c2162b63c49e4ec64c4b8c2588044d8766215ab0339404cf9326294820a9ecba0ff86b608c2b5a325a651f13f3cf72

    • SSDEEP

      3072:lJR0uD7I+HrypUZa4l/pqWWQVxBCZq58GwrsXx4Mx:lJyuXI+8UZamlj581Ih4Mx

    Score
    10/10
    metasploitsalitybackdoorevasiontrojanupx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks