Overview

overview

10

Static

static

5cc15956e0...ca.exe

windows7-x64

3

5cc15956e0...ca.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    5cc15956e081b113955aa82356912fc21878db1d34e5037f230a5c068b249bca

  • Size

    483KB

  • Sample

    221003-w2dbxaafhn

  • MD5

    4385ccf2a9cda0dcd34e04701a84051d

  • SHA1

    fcff233674fff4aae2c7ef4b5404eaea4b7ca55f

  • SHA256

    5cc15956e081b113955aa82356912fc21878db1d34e5037f230a5c068b249bca

  • SHA512

    c31ce2b141748ea8fdaae50fb7bd18781da7e5d85e19a915af6e24166adfc8a0d6dc3d78f7813c20cb9df2815b9c77a3f07741a9bca8a4c6926807b19da4c46b

  • SSDEEP

    6144:ioLY3VafUTGekL7sHRn+ZZGzLI2hXWaBn4GgmRhXjxS6fgALAo4pg+dFu121GvOl:+MU/kviR+WzE2lBFr5zpN2EFBLehuq

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      5cc15956e081b113955aa82356912fc21878db1d34e5037f230a5c068b249bca

    • Size

      483KB

    • MD5

      4385ccf2a9cda0dcd34e04701a84051d

    • SHA1

      fcff233674fff4aae2c7ef4b5404eaea4b7ca55f

    • SHA256

      5cc15956e081b113955aa82356912fc21878db1d34e5037f230a5c068b249bca

    • SHA512

      c31ce2b141748ea8fdaae50fb7bd18781da7e5d85e19a915af6e24166adfc8a0d6dc3d78f7813c20cb9df2815b9c77a3f07741a9bca8a4c6926807b19da4c46b

    • SSDEEP

      6144:ioLY3VafUTGekL7sHRn+ZZGzLI2hXWaBn4GgmRhXjxS6fgALAo4pg+dFu121GvOl:+MU/kviR+WzE2lBFr5zpN2EFBLehuq

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks