Overview

overview

10

Static

static

3b741529eb...7d.exe

windows7-x64

10

3b741529eb...7d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b741529eb8d04c3faaf76fc16162664301b2a70b45a27c8bdd0ed15ebc3d87d

  • Size

    100KB

  • Sample

    221129-h3711sbd4v

  • MD5

    3137dbfdb23efc12a6daf811c75bd07c

  • SHA1

    a4b64f1da64c9ea3c98a30e5cf024ce3ef585394

  • SHA256

    3b741529eb8d04c3faaf76fc16162664301b2a70b45a27c8bdd0ed15ebc3d87d

  • SHA512

    ce5dad2e3f0d852f7ccebf1c92ce5956aa9af2447e36a77357f43c57a1a02aaee2870f4a26f12f7d7b5a47b79499818848af46bbbd00c9ba5be869709442c511

  • SSDEEP

    1536:MFwpfJz8Lzp3rXOHG5bhq+rN29ylwfCNegyH+9V3QPBh88:MFwldEbkGRrUIwfDFiV3QPvf

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      3b741529eb8d04c3faaf76fc16162664301b2a70b45a27c8bdd0ed15ebc3d87d

    • Size

      100KB

    • MD5

      3137dbfdb23efc12a6daf811c75bd07c

    • SHA1

      a4b64f1da64c9ea3c98a30e5cf024ce3ef585394

    • SHA256

      3b741529eb8d04c3faaf76fc16162664301b2a70b45a27c8bdd0ed15ebc3d87d

    • SHA512

      ce5dad2e3f0d852f7ccebf1c92ce5956aa9af2447e36a77357f43c57a1a02aaee2870f4a26f12f7d7b5a47b79499818848af46bbbd00c9ba5be869709442c511

    • SSDEEP

      1536:MFwpfJz8Lzp3rXOHG5bhq+rN29ylwfCNegyH+9V3QPBh88:MFwldEbkGRrUIwfDFiV3QPvf

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks