Overview

overview

10

Static

static

9c23f27d1e...1e.exe

windows7-x64

10

9c23f27d1e...1e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9c23f27d1e73c80db53f91ef37e8ba36bef7545696b741566f60eef318e4011e

  • Size

    221KB

  • Sample

    221011-1yjrqsgdf7

  • MD5

    61d3774aa13f28e419468eb2633b3a00

  • SHA1

    337d49d584ac3741c43f797f4e69c9279d8a9e86

  • SHA256

    9c23f27d1e73c80db53f91ef37e8ba36bef7545696b741566f60eef318e4011e

  • SHA512

    33c5f5b1c9d8ae6648bd2e75aed913406097c16fd6811969054117a6fb708e7accc4d420e4f4541aee47c880f078730bf0a42caab9ba55db0dc16412de07a492

  • SSDEEP

    3072:jW3QDzVOX5IC6EXGE180znFtBWqAlKHVBqmPjZqMN4739LOMQKJhVkSe5RZ5m7wA:3Dxo5IpEXGWZFymZvg39qJkhVkLR1Hg

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      9c23f27d1e73c80db53f91ef37e8ba36bef7545696b741566f60eef318e4011e

    • Size

      221KB

    • MD5

      61d3774aa13f28e419468eb2633b3a00

    • SHA1

      337d49d584ac3741c43f797f4e69c9279d8a9e86

    • SHA256

      9c23f27d1e73c80db53f91ef37e8ba36bef7545696b741566f60eef318e4011e

    • SHA512

      33c5f5b1c9d8ae6648bd2e75aed913406097c16fd6811969054117a6fb708e7accc4d420e4f4541aee47c880f078730bf0a42caab9ba55db0dc16412de07a492

    • SSDEEP

      3072:jW3QDzVOX5IC6EXGE180znFtBWqAlKHVBqmPjZqMN4739LOMQKJhVkSe5RZ5m7wA:3Dxo5IpEXGWZFymZvg39qJkhVkLR1Hg

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks