Overview

overview

10

Static

static

8

b093d3f3f9...81.exe

windows7-x64

10

b093d3f3f9...81.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b093d3f3f9585c8e3f8177807b7a65770560705fbebf4a8d9fec9ccf6c5ba981

  • Size

    436KB

  • Sample

    221011-nbfeksbgc2

  • MD5

    6527c52c774bd647a0333e3096aeeb62

  • SHA1

    f3b0a6739fb9eec86c6d4e92a65f80741cb183b6

  • SHA256

    b093d3f3f9585c8e3f8177807b7a65770560705fbebf4a8d9fec9ccf6c5ba981

  • SHA512

    88a5dd9e00281cef00961a276643b562f65a47e5fe00ca5f2b13be0938f984dcfc69fe50edc25e7d92188f5acc14ad4cd6972c4e3b364222e14b004a5b1b5232

  • SSDEEP

    12288:bDbBU7GbWHudH31NKhxa3eteZzf8dyN1vZnO3ReV2vdZ1:IGbHd1EbpttyNzO02H1

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      b093d3f3f9585c8e3f8177807b7a65770560705fbebf4a8d9fec9ccf6c5ba981

    • Size

      436KB

    • MD5

      6527c52c774bd647a0333e3096aeeb62

    • SHA1

      f3b0a6739fb9eec86c6d4e92a65f80741cb183b6

    • SHA256

      b093d3f3f9585c8e3f8177807b7a65770560705fbebf4a8d9fec9ccf6c5ba981

    • SHA512

      88a5dd9e00281cef00961a276643b562f65a47e5fe00ca5f2b13be0938f984dcfc69fe50edc25e7d92188f5acc14ad4cd6972c4e3b364222e14b004a5b1b5232

    • SSDEEP

      12288:bDbBU7GbWHudH31NKhxa3eteZzf8dyN1vZnO3ReV2vdZ1:IGbHd1EbpttyNzO02H1

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks