Overview

overview

10

Static

static

954505447f...ab.exe

windows7-x64

10

954505447f...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    954505447f1621e49c762a63e3e1ebfe94cc95a54ab236dcfa8ea516934e31ab

  • Size

    1.0MB

  • Sample

    221123-z3dkvahe2s

  • MD5

    df2d170f275cf20637bd8fa5c4530718

  • SHA1

    6b565cf423dcff905bdb96ea270fb64bf8e875ef

  • SHA256

    954505447f1621e49c762a63e3e1ebfe94cc95a54ab236dcfa8ea516934e31ab

  • SHA512

    9b716b6098ce21919d6743aa81e8acc8e62b1d90c2495ada2a5e4d1dd4b617052427b101e89e2a2a129dcfccc56db6bf0bbee78b7ed2f1da40a68fe0946990f0

  • SSDEEP

    24576:OYo115g/HdWvWnxFnRzKisy9iJFu6mZuKxB7P/3F:03g/Hd2WnxFTsy9w1mZuKxZ3F

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      954505447f1621e49c762a63e3e1ebfe94cc95a54ab236dcfa8ea516934e31ab

    • Size

      1.0MB

    • MD5

      df2d170f275cf20637bd8fa5c4530718

    • SHA1

      6b565cf423dcff905bdb96ea270fb64bf8e875ef

    • SHA256

      954505447f1621e49c762a63e3e1ebfe94cc95a54ab236dcfa8ea516934e31ab

    • SHA512

      9b716b6098ce21919d6743aa81e8acc8e62b1d90c2495ada2a5e4d1dd4b617052427b101e89e2a2a129dcfccc56db6bf0bbee78b7ed2f1da40a68fe0946990f0

    • SSDEEP

      24576:OYo115g/HdWvWnxFnRzKisy9iJFu6mZuKxB7P/3F:03g/Hd2WnxFTsy9w1mZuKxZ3F

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks