Overview

overview

10

Static

static

5a5706b07b...df.exe

windows7-x64

1

5a5706b07b...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a5706b07bfda32066f7bbd89b986ed6016635b52b04292756c4043ca8af65df

  • Size

    1.2MB

  • Sample

    221123-xh3ccsaa9z

  • MD5

    1687a6ed6bd0188373ed7cb01320addb

  • SHA1

    334325beba93ab3270fb225b07dd6394dfa30056

  • SHA256

    5a5706b07bfda32066f7bbd89b986ed6016635b52b04292756c4043ca8af65df

  • SHA512

    26c9ad9ab9fe32bfebea061a3595cfb80824d854828f7d2ee00933c3028846f9d4b2e667133ccbb55b40a984a633772b03d5e2e25cbe48178a0797c656ef733e

  • SSDEEP

    24576:Z/m5HfmQjwOFB+f6iMUfdFfE0YH8N4I0i7vXM3+63TXe25GFcA:ifmQjwcUfdFfEt3Y7vX/CTtGFJ

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      5a5706b07bfda32066f7bbd89b986ed6016635b52b04292756c4043ca8af65df

    • Size

      1.2MB

    • MD5

      1687a6ed6bd0188373ed7cb01320addb

    • SHA1

      334325beba93ab3270fb225b07dd6394dfa30056

    • SHA256

      5a5706b07bfda32066f7bbd89b986ed6016635b52b04292756c4043ca8af65df

    • SHA512

      26c9ad9ab9fe32bfebea061a3595cfb80824d854828f7d2ee00933c3028846f9d4b2e667133ccbb55b40a984a633772b03d5e2e25cbe48178a0797c656ef733e

    • SSDEEP

      24576:Z/m5HfmQjwOFB+f6iMUfdFfE0YH8N4I0i7vXM3+63TXe25GFcA:ifmQjwcUfdFfEt3Y7vX/CTtGFJ

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks