Overview

overview

10

Static

static

3

3a7494d02a...JC.exe

windows7-x64

10

3a7494d02a...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a7494d02a5a5aexeexe_JC.exe

  • Size

    861KB

  • Sample

    230715-mzankahg72

  • MD5

    3a7494d02a5a5ade4b0d075d9f36c829

  • SHA1

    d52cf224ab3395b96fff21c2e8ba8f33568facd7

  • SHA256

    d3de6559b5939f444f480a9850da089504fed3ae6f6b3c480656c9f7afa2d3a7

  • SHA512

    3643dafe6c2553d5247e3712989e32bdb124df0dd01881f5004803a406f116b7dd144bc1d6d1a50a0c9f191fc6bf0c01e6d2d7fd02f4b8f2c6dac373aa42dd24

  • SSDEEP

    12288:p/AwQ9izQ46IOwAyK09vRlN3LUcqC0ERIV0c3Ul:p/AwQOdOwRLlN3L1qC0ERImDl

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      3a7494d02a5a5aexeexe_JC.exe

    • Size

      861KB

    • MD5

      3a7494d02a5a5ade4b0d075d9f36c829

    • SHA1

      d52cf224ab3395b96fff21c2e8ba8f33568facd7

    • SHA256

      d3de6559b5939f444f480a9850da089504fed3ae6f6b3c480656c9f7afa2d3a7

    • SHA512

      3643dafe6c2553d5247e3712989e32bdb124df0dd01881f5004803a406f116b7dd144bc1d6d1a50a0c9f191fc6bf0c01e6d2d7fd02f4b8f2c6dac373aa42dd24

    • SSDEEP

      12288:p/AwQ9izQ46IOwAyK09vRlN3LUcqC0ERIV0c3Ul:p/AwQOdOwRLlN3L1qC0ERImDl

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks