Overview

overview

10

Static

static

f181fa2e6d...51.exe

windows7-x64

10

f181fa2e6d...51.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f181fa2e6d0f9e0803d78c0dfda2c3e1444e281c28f9bd74077ed6b600671c51

  • Size

    272KB

  • Sample

    221020-nplhrabgcn

  • MD5

    43020af4a9ec1dc0438e7a2d9dce9c40

  • SHA1

    1dbb6ee840baa6b98474e53768f83c5775ffc860

  • SHA256

    f181fa2e6d0f9e0803d78c0dfda2c3e1444e281c28f9bd74077ed6b600671c51

  • SHA512

    6e8ed6da7844b8036d9199c3a41b3dbd3089d670a1f8c8a17ca2639b653dadccee539249e4f2fedc893fd333f4a8d60884daa7276957779d1d1b51cf8e2b2285

  • SSDEEP

    3072:J8msdFdDen+FnFUFsYc6M29bcwzkGt62082E8J46B9D8Vq/92YUmLl9Mn2cSW1Ca:1eFdkKJ20SmDskUQQSW1KjqsDd2

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

    • Target

      f181fa2e6d0f9e0803d78c0dfda2c3e1444e281c28f9bd74077ed6b600671c51

    • Size

      272KB

    • MD5

      43020af4a9ec1dc0438e7a2d9dce9c40

    • SHA1

      1dbb6ee840baa6b98474e53768f83c5775ffc860

    • SHA256

      f181fa2e6d0f9e0803d78c0dfda2c3e1444e281c28f9bd74077ed6b600671c51

    • SHA512

      6e8ed6da7844b8036d9199c3a41b3dbd3089d670a1f8c8a17ca2639b653dadccee539249e4f2fedc893fd333f4a8d60884daa7276957779d1d1b51cf8e2b2285

    • SSDEEP

      3072:J8msdFdDen+FnFUFsYc6M29bcwzkGt62082E8J46B9D8Vq/92YUmLl9Mn2cSW1Ca:1eFdkKJ20SmDskUQQSW1KjqsDd2

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks