Extracted

• • Target

    NEAS.693c14bc43b49bae8d393fe1c5a51300_JC.exe

  • Size

    368KB

  • MD5

    693c14bc43b49bae8d393fe1c5a51300

  • SHA1

    445c720c5628b40e9bc90b846873b1b79289da10

  • SHA256

    5b6162ddd7028e8373edf5cb507aa7a984f13f289ab259a71573a40ed66a9450

  • SHA512

    55f5269d7202c637a302c4adcef894562a8c20708ca2ea90dd19e194aef0ac53d68a7ca03f103c29cf28ec7d7fc03c54eeb817b3f8ece2cc7b1255e1df0cb0d2

  • SSDEEP

    3072:zo4L5tpV+CSA1AAPoCpxW5ATBfUNjpS1svkTVC9FieYTTLprx/m3qT4S826guKqu:FtpvoCpcNQ1jQdiG/2UzuEP/Nnrry

  Score

  10^/10

  salitybackdoorevasiontrojanupxpersistence

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Adds policy Run key to start application

    persistence

  • Drops file in Drivers directory

  • Sets file execution options in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Modifies system executable filetype association

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  behavioral1behavioral2