Overview

overview

10

Static

static

9ccbba9990...b7.exe

windows7-x64

10

9ccbba9990...b7.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9ccbba9990e9934e369630e8d2116ce7a2f7ce8647172be3e6ee64189a9cb7b7

  • Size

    954KB

  • Sample

    221010-3hpddsecbp

  • MD5

    62ffefe40d27d4ca5b89eefd067c97d1

  • SHA1

    98957479f5b2407b9fe5f7b08102ef133a48febf

  • SHA256

    9ccbba9990e9934e369630e8d2116ce7a2f7ce8647172be3e6ee64189a9cb7b7

  • SHA512

    1befeef5c82fe0ef56659793ee80b7fca08c24a9245d0cffa636407837252f661e7324427489e533c3b63a07d5fba5762a05e2c82bbdb0d8831b1000c2a7352a

  • SSDEEP

    12288:rqpJSbYPnrNnwY5QnwY5gqiAmokDRqZRX4MVb0UPzW8NnLtoyxGNf041U:rqpobcrJ8vmoCmN4MVVnxLtPxr41U

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      9ccbba9990e9934e369630e8d2116ce7a2f7ce8647172be3e6ee64189a9cb7b7

    • Size

      954KB

    • MD5

      62ffefe40d27d4ca5b89eefd067c97d1

    • SHA1

      98957479f5b2407b9fe5f7b08102ef133a48febf

    • SHA256

      9ccbba9990e9934e369630e8d2116ce7a2f7ce8647172be3e6ee64189a9cb7b7

    • SHA512

      1befeef5c82fe0ef56659793ee80b7fca08c24a9245d0cffa636407837252f661e7324427489e533c3b63a07d5fba5762a05e2c82bbdb0d8831b1000c2a7352a

    • SSDEEP

      12288:rqpJSbYPnrNnwY5QnwY5gqiAmokDRqZRX4MVb0UPzW8NnLtoyxGNf041U:rqpobcrJ8vmoCmN4MVVnxLtPxr41U

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks