General

  • Target

    Salad-0.5.4.exe

  • Size

    59.2MB

  • Sample

    221101-wr4fcaehdp

  • MD5

    ef694ba643abe78d50b2e252fd43e8b2

  • SHA1

    d46548d9865ef19b5cea5c8a80b15fec9892ee9c

  • SHA256

    6b35dbd03ce8a1f99229ecf8aaa8639b14bd23e7a2bcf4dd090c4c78a2990be9

  • SHA512

    74d9d6d751bbd35a3dd11a6d63ef982184499729f7e9f88dadb6b85ebd335a4a68e45d131b5ddf8e2d40700d9d57b9b9fde9ed1c094122b2326225f3f70fe1c1

  • SSDEEP

    1572864:600upvNEF7DG3OfjnmFIq412keZJHdd6nleO:600upvNE7D/jn1qQhejdY0O
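
The digests above are what a practitioner uses to confirm that a locally held file is the same sample before doing anything else with it. The following is an added example, not part of the sandbox report, that reads a file once, feeds every byte to all four digest algorithms the report lists, and reports which of them disagree with the report. It uses only hashlib; the SSDEEP value is left out because computing it needs a third-party library.

```python
"""Verify that a local file is the sample this report describes.

Added example (not code from the sandbox report): the file is streamed once
and every chunk is fed to all four digests the report lists, then the results
are compared case-insensitively with the report's values.
"""
import hashlib
from pathlib import Path

# Digests copied from the report's General section for Salad-0.5.4.exe.
REPORT_HASHES = {
    "md5": "ef694ba643abe78d50b2e252fd43e8b2",
    "sha1": "d46548d9865ef19b5cea5c8a80b15fec9892ee9c",
    "sha256": "6b35dbd03ce8a1f99229ecf8aaa8639b14bd23e7a2bcf4dd090c4c78a2990be9",
    "sha512": "74d9d6d751bbd35a3dd11a6d63ef982184499729f7e9f88dadb6b85ebd335a4a"
              "68e45d131b5ddf8e2d40700d9d57b9b9fde9ed1c094122b2326225f3f70fe1c1",
}

CHUNK = 1 << 20  # 1 MiB reads keep memory flat for a 59 MB installer


def digest_stream(chunks):
    """Return {algo: hexdigest} for every algorithm in REPORT_HASHES, reading the input once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory byte string (used for small inputs and tests)."""
    return digest_stream([data])


def digest_file(path):
    """Digest a file on disk in CHUNK-sized reads."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(CHUNK), b""))


def mismatches(actual, expected):
    """Return {algo: (expected, actual)} for every digest that differs; {} means a full match."""
    bad = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            bad[name] = (want, got)
    return bad


def is_reported_sample(path, expected=REPORT_HASHES):
    """True when every digest in `expected` matches the file at `path`."""
    return not mismatches(digest_file(path), expected)


if __name__ == "__main__":
    import sys

    target = Path(sys.argv[1] if len(sys.argv) > 1 else "Salad-0.5.4.exe")
    bad = mismatches(digest_file(target), REPORT_HASHES)
    if bad:
        for name, (want, got) in bad.items():
            print(f"{name}: expected {want}, got {got}")
        sys.exit(1)
    print(f"{target}: all four digests match the report")
```

Run it as `python verify_sample.py path\to\Salad-0.5.4.exe`; a non-zero exit means at least one digest differs, and the per-algorithm output tells you which. Checking all four rather than MD5 alone matters because MD5 collisions are practical.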

Malware Config

Targets

    • Target

      Salad-0.5.4.exe

    • Size

      59.2MB

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
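
Each signature above is a rule over the sandbox's trace of registry, file, process and network events. The following is an added example, not code from the sandbox or from the analysed installer, that shows one way such rules can be expressed: a classifier that walks a trace and returns which of the seven signatures listed above fired, with the evidence for each. The event format, field names, sample events, configured resolver address and the list of IP-echo services are all assumptions made for this example; the report does not say which service or resolver the sample actually contacted.

```python
"""Map sandbox trace events to the behaviour signatures listed in this report.

Added example. The event records are a constructed, simplified stand-in for a
real API/registry/network trace; the field names, the configured resolver and
the IP-lookup host list are assumptions, not values from the report.
"""
import re
from collections import defaultdict

# Constructed sandbox setting: the resolver(s) the guest was configured to use.
CONFIGURED_DNS = {"10.0.2.3"}

# Assumed watch-list of well-known public IP-echo services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "checkip.amazonaws.com"}

# Registry locations behind three signatures, matched case-insensitively as
# substrings so the hive prefix and Wow6432Node redirection do not matter.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?(\\|$)")
UNINSTALL_KEY = r"\currentversion\uninstall"
GEO_KEY = r"\control panel\international\geo"   # where Windows keeps the user's GeoID

# Constructed trace: every path, PID, key and host below is made up for the example.
SAMPLE_TRACE = [
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\setup\helper.exe"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\setup\System.dll"},
    {"type": "process_create", "pid": 100, "child_pid": 200,
     "image": r"C:\Users\user\AppData\Local\Temp\setup\helper.exe"},
    {"type": "image_load", "pid": 100, "image": r"C:\Users\user\AppData\Local\Temp\setup\System.dll"},
    {"type": "reg_query", "pid": 200, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "reg_set", "pid": 200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater"},
    {"type": "reg_enum", "pid": 200, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "net_flow", "pid": 200, "proto": "udp", "dst": "10.0.2.3", "dport": 53},
    {"type": "net_flow", "pid": 200, "proto": "udp", "dst": "8.8.8.8", "dport": 53},
    {"type": "http_request", "pid": 200, "host": "api.ipify.org", "path": "/"},
]


def classify(events, configured_dns=CONFIGURED_DNS, lookup_hosts=IP_LOOKUP_HOSTS):
    """Return {signature_name: [evidence, ...]} for every signature triggered by `events`.

    The two 'dropped' signatures are stateful: a file counts as dropped once any
    traced process has written it, and only a later execution or load of that
    exact path fires them.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "image_load" and ev["image"].lower() in dropped \
                and ev["image"].lower().endswith(".dll"):
            hits["Loads dropped DLL"].append(ev["image"])
        elif kind.startswith("reg_"):
            key = ev["key"].lower()
            evidence = f"{ev['key']}\\{ev.get('value', '')}".rstrip("\\")
            if kind == "reg_set" and RUN_KEY_RE.search(key):
                hits["Adds Run key to start application"].append(evidence)
            elif kind in ("reg_query", "reg_enum") and UNINSTALL_KEY in key:
                hits["Checks installed software on the system"].append(evidence)
            elif kind == "reg_query" and GEO_KEY in key:
                hits["Checks computer location settings"].append(evidence)
        elif kind == "net_flow" and ev["dport"] == 53 and ev["dst"] not in configured_dns:
            hits["Unexpected DNS network traffic destination"].append(f"{ev['proto']}/{ev['dst']}:53")
        elif kind == "http_request" and ev["host"].lower() in lookup_hosts:
            hits["Looks up external IP address via web service"].append(ev["host"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_TRACE).items():
        print(f"{name}: {', '.join(evidence)}")
```

Two design points matter when turning this into a real rule set. The DNS rule needs the sandbox's actual configured resolvers, otherwise every lookup fires; and the "dropped" rules key on exact paths written during the run, so a legitimate installer that unpacks and runs its own helper binaries, as this one does, will always trigger them. That is why these signatures are evidence to read alongside the rest of the report, not a verdict on their own.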

MITRE ATT&CK Enterprise v6

Tasks