Overview

overview

10

Static

static

bf3a70d9b2...38.exe

windows7-x64

10

bf3a70d9b2...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf3a70d9b2f71b9e2209ef2bb5dd77f30298db354fdf40121bc71171e387ca38

  • Size

    228KB

  • Sample

    221029-v3gkaagba5

  • MD5

    84e9bb864348a36e838ae93a180b2e9c

  • SHA1

    8c4ba31cac745bf2fa7ec2d9dca56f9adaee5a77

  • SHA256

    bf3a70d9b2f71b9e2209ef2bb5dd77f30298db354fdf40121bc71171e387ca38

  • SHA512

    d3c7465095a7664bb35e1a4ce660e015d2e99f4397db678b8bda405443d300e2a343963823ca9764660b99a7292ac4a0dcad7953c237bf844ece0337878120ac

  • SSDEEP

    3072:N55vchVZLzcnyCue3rWQWGIahvXvo/iCai1OGDmDlTsHGcu8NEg8Q/nxXI3hkn:N70ZCfXvIzMemRTsHxuFIxXkhS

Score
10/10
ramnitsalitybackdoorbankerevasionspywarestealertrojanupxworm

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      bf3a70d9b2f71b9e2209ef2bb5dd77f30298db354fdf40121bc71171e387ca38

    • Size

      228KB

    • MD5

      84e9bb864348a36e838ae93a180b2e9c

    • SHA1

      8c4ba31cac745bf2fa7ec2d9dca56f9adaee5a77

    • SHA256

      bf3a70d9b2f71b9e2209ef2bb5dd77f30298db354fdf40121bc71171e387ca38

    • SHA512

      d3c7465095a7664bb35e1a4ce660e015d2e99f4397db678b8bda405443d300e2a343963823ca9764660b99a7292ac4a0dcad7953c237bf844ece0337878120ac

    • SSDEEP

      3072:N55vchVZLzcnyCue3rWQWGIahvXvo/iCai1OGDmDlTsHGcu8NEg8Q/nxXI3hkn:N70ZCfXvIzMemRTsHxuFIxXkhS

    Score
    10/10
    salitybackdoorevasiontrojanupxramnitbankerspywarestealerworm

    • Modifies firewall policy service

      evasion

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Deletes itself

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks