Overview

overview

10

Static

static

b10f51bbab...62.exe

windows7-x64

10

b10f51bbab...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b10f51bbabe17a8323cac5ea4d74fd4721881d9d89601ecf02d9f92770e52d62

  • Size

    100KB

  • Sample

    221205-p5p2jsfc4v

  • MD5

    38ffb7cb7e2a31313ba03380d9ae110d

  • SHA1

    67cf97db814e008022a75e49523dfbbbd192e1d6

  • SHA256

    b10f51bbabe17a8323cac5ea4d74fd4721881d9d89601ecf02d9f92770e52d62

  • SHA512

    853d872f9360eba46cab645e1ff3422d1393bccf870660c80f400e11d58e6f2a76f6809be48f705b06d5473b543bb8fe0a3bb6a80897bf4bfbe77d31c93dba0f

  • SSDEEP

    1536:G0l74IK/AHuMpP/6wbbSnUHzHYjqxNMedI0:GCOAHZNNSnAYKl20

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      b10f51bbabe17a8323cac5ea4d74fd4721881d9d89601ecf02d9f92770e52d62

    • Size

      100KB

    • MD5

      38ffb7cb7e2a31313ba03380d9ae110d

    • SHA1

      67cf97db814e008022a75e49523dfbbbd192e1d6

    • SHA256

      b10f51bbabe17a8323cac5ea4d74fd4721881d9d89601ecf02d9f92770e52d62

    • SHA512

      853d872f9360eba46cab645e1ff3422d1393bccf870660c80f400e11d58e6f2a76f6809be48f705b06d5473b543bb8fe0a3bb6a80897bf4bfbe77d31c93dba0f

    • SSDEEP

      1536:G0l74IK/AHuMpP/6wbbSnUHzHYjqxNMedI0:GCOAHZNNSnAYKl20

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks