Overview

overview

10

Static

static

c60d4fe26a...13.exe

windows7-x64

3

c60d4fe26a...13.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c60d4fe26ad6a355935bc573366b708fb9a93477ebfb8693355a54e298837513

  • Size

    973KB

  • Sample

    221003-wsgb7sacb4

  • MD5

    062fba2d110a604e48f02b55de72f330

  • SHA1

    45be99d6dcf83e70d0aecac9aca6a1078728fdc9

  • SHA256

    c60d4fe26ad6a355935bc573366b708fb9a93477ebfb8693355a54e298837513

  • SHA512

    3b7e45c83e3c864ad2157bfba151687a3f5bac69f216bbc8e543f152580a1d1c60222923a8efde558b5602ff988336a8275205e0c55f7d5b7627366d393cda70

  • SSDEEP

    24576:s79Haaa8YKiUh5YkbmMo2+GpLJ/MvCay1HldUKgINRn4:s7YaaTzUhVbmMn+g/sCHdvUA4

Score
10/10
salitybackdoorbootkitevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      c60d4fe26ad6a355935bc573366b708fb9a93477ebfb8693355a54e298837513

    • Size

      973KB

    • MD5

      062fba2d110a604e48f02b55de72f330

    • SHA1

      45be99d6dcf83e70d0aecac9aca6a1078728fdc9

    • SHA256

      c60d4fe26ad6a355935bc573366b708fb9a93477ebfb8693355a54e298837513

    • SHA512

      3b7e45c83e3c864ad2157bfba151687a3f5bac69f216bbc8e543f152580a1d1c60222923a8efde558b5602ff988336a8275205e0c55f7d5b7627366d393cda70

    • SSDEEP

      24576:s79Haaa8YKiUh5YkbmMo2+GpLJ/MvCay1HldUKgINRn4:s7YaaTzUhVbmMn+g/sCHdvUA4

    Score
    10/10
    salitybackdoorbootkitevasionpersistencetrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks