Overview

overview

10

Static

static

1

hxyr.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hxyr.pif

  • Size

    97KB

  • Sample

    230613-1pz3cscc51

  • MD5

    154d618f25422e4bce073a17c018049b

  • SHA1

    f98fca2cf9f7abd9312101ed52fe05e3beee4dff

  • SHA256

    44b713764a3b151804ac9f6caedc9d88b998d4fa2cabc93bf05506b58c910255

  • SHA512

    7678f1629cf0051d7de7d20fc47dc167eaf6ff4df3f99e5deaceee5f5bba1516bd71c2ad06cf26c405f4d494e6ad4fab5b163d38c703d3ccb02ee0d897925525

  • SSDEEP

    3072:XeaqDx6e8HUw6B7hFBa6JVMJll1o0fC/8QhB+j:Xb3Uw6pBa64ziV/8cB

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      hxyr.pif

    • Size

      97KB

    • MD5

      154d618f25422e4bce073a17c018049b

    • SHA1

      f98fca2cf9f7abd9312101ed52fe05e3beee4dff

    • SHA256

      44b713764a3b151804ac9f6caedc9d88b998d4fa2cabc93bf05506b58c910255

    • SHA512

      7678f1629cf0051d7de7d20fc47dc167eaf6ff4df3f99e5deaceee5f5bba1516bd71c2ad06cf26c405f4d494e6ad4fab5b163d38c703d3ccb02ee0d897925525

    • SSDEEP

      3072:XeaqDx6e8HUw6B7hFBa6JVMJll1o0fC/8QhB+j:Xb3Uw6pBa64ziV/8cB

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks