Overview

overview

10

Static

static

b1c4e7c9a9...6e.exe

windows7-x64

10

b1c4e7c9a9...6e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e

  • Size

    889KB

  • Sample

    221028-x7rbdscdc9

  • MD5

    0c08b38a393a88e72c3d76b014e92900

  • SHA1

    7388591361b984c00eb1d2720036ae54e387aab2

  • SHA256

    b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e

  • SHA512

    4f0f3179aec3019135e09ea4f6c4988ffc4e3de2f433e2277bbb08929a6054d457adcd3576f4d12b76f8c5658093b81ee506710f70289f6d0ecab2a29c11bfc8

  • SSDEEP

    12288:54oTsushrCDGpbqnC0+l/L5aeGpiH22Agk6DSwTSTMfkPq8W6u7Qw:54oTPkCgwCbae/Fk6ONgcdEx

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e

    • Size

      889KB

    • MD5

      0c08b38a393a88e72c3d76b014e92900

    • SHA1

      7388591361b984c00eb1d2720036ae54e387aab2

    • SHA256

      b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e

    • SHA512

      4f0f3179aec3019135e09ea4f6c4988ffc4e3de2f433e2277bbb08929a6054d457adcd3576f4d12b76f8c5658093b81ee506710f70289f6d0ecab2a29c11bfc8

    • SSDEEP

      12288:54oTsushrCDGpbqnC0+l/L5aeGpiH22Agk6DSwTSTMfkPq8W6u7Qw:54oTPkCgwCbae/Fk6ONgcdEx

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks