Overview

overview

10

Static

static

8

916c3c52c3...96.exe

windows7-x64

8

916c3c52c3...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96

  • Size

    358KB

  • Sample

    221129-hzs3paba6w

  • MD5

    a60e7bf353ef320cb8f8082c09e136fc

  • SHA1

    ff280b2519b6c30f7a0ad48af9922bd510d8f172

  • SHA256

    916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96

  • SHA512

    c0d0d2e3e9a38f5fb662e8befe22817bc973b8ea527c76282c08c5521c42146dd306d3df603fced9fdd5fc986a4b52d65b1f529d3c68163a081e72cc6379753e

  • SSDEEP

    6144:GyTYVd5dCC0E8zTSNwpLDPQhmm1rEkosSHwoSFbSK2C6uSl3:GysV57hriRPQwDQoSFbH2OSl3

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96

    • Size

      358KB

    • MD5

      a60e7bf353ef320cb8f8082c09e136fc

    • SHA1

      ff280b2519b6c30f7a0ad48af9922bd510d8f172

    • SHA256

      916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96

    • SHA512

      c0d0d2e3e9a38f5fb662e8befe22817bc973b8ea527c76282c08c5521c42146dd306d3df603fced9fdd5fc986a4b52d65b1f529d3c68163a081e72cc6379753e

    • SSDEEP

      6144:GyTYVd5dCC0E8zTSNwpLDPQhmm1rEkosSHwoSFbSK2C6uSl3:GysV57hriRPQwDQoSFbH2OSl3

    Score
    10/10
    upxsalitybackdoorevasiontrojan

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks