Overview

overview

10

Static

static

25c4cdd814...28.exe

windows7-x64

1

25c4cdd814...28.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    25c4cdd8140c958f832021f3b2d4df81d4cc09d55cec867fa279ca60521e1a28

  • Size

    144KB

  • Sample

    221106-x4at8sbcer

  • MD5

    0413a7fe0b9e8de5a61261b558a2c421

  • SHA1

    67b8c5552c6077aabee26492c9f47dd8b3d6b401

  • SHA256

    25c4cdd8140c958f832021f3b2d4df81d4cc09d55cec867fa279ca60521e1a28

  • SHA512

    08f6980849abfb7fa3539e0ba1b7b0c419f3f308cb54012730147f534c49a42d2c74f8445e9261e05cede29db63d60682781598d0bd237064e40a9695ebaee93

  • SSDEEP

    3072:lONQKPWDytReiJltZrpRcSRksRGRxyojNFRFh5FEVLSkqGHtfj:ENSDytRzthp/VsN/Fh5FUVqGHh

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      25c4cdd8140c958f832021f3b2d4df81d4cc09d55cec867fa279ca60521e1a28

    • Size

      144KB

    • MD5

      0413a7fe0b9e8de5a61261b558a2c421

    • SHA1

      67b8c5552c6077aabee26492c9f47dd8b3d6b401

    • SHA256

      25c4cdd8140c958f832021f3b2d4df81d4cc09d55cec867fa279ca60521e1a28

    • SHA512

      08f6980849abfb7fa3539e0ba1b7b0c419f3f308cb54012730147f534c49a42d2c74f8445e9261e05cede29db63d60682781598d0bd237064e40a9695ebaee93

    • SSDEEP

      3072:lONQKPWDytReiJltZrpRcSRksRGRxyojNFRFh5FEVLSkqGHtfj:ENSDytRzthp/VsN/Fh5FUVqGHh

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks