Overview

overview

10

Static

static

3

079c6a3256...0e.exe

windows7-x64

3

079c6a3256...0e.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    079c6a32567bfaf35e80049d5bdf460e

  • Size

    167KB

  • Sample

    231229-3ws9habdek

  • MD5

    079c6a32567bfaf35e80049d5bdf460e

  • SHA1

    a0a39e14103e68308e3ffb12b5fefe0787198863

  • SHA256

    4d2e65986ab85f873545419f611044b0c76c8193e1acecc991231386b2f979ef

  • SHA512

    7f813f820b3ebd0995fe5f8da928fb4efa46a1f2f2f87954bd13c7226f492ab8ed0a4d4f7fb65257ed6f457fb1cf23207390b7d3129fb36d39cb7d4309b0e598

  • SSDEEP

    3072:dNQKPWDyTI0fFJltZrpReFX3Jjw+oOes7kXjBFGwCDL69kEoXZX2YtNfVRt:dNSDyTIkFthpP+oQcBcREPhQNft

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      079c6a32567bfaf35e80049d5bdf460e

    • Size

      167KB

    • MD5

      079c6a32567bfaf35e80049d5bdf460e

    • SHA1

      a0a39e14103e68308e3ffb12b5fefe0787198863

    • SHA256

      4d2e65986ab85f873545419f611044b0c76c8193e1acecc991231386b2f979ef

    • SHA512

      7f813f820b3ebd0995fe5f8da928fb4efa46a1f2f2f87954bd13c7226f492ab8ed0a4d4f7fb65257ed6f457fb1cf23207390b7d3129fb36d39cb7d4309b0e598

    • SSDEEP

      3072:dNQKPWDyTI0fFJltZrpReFX3Jjw+oOes7kXjBFGwCDL69kEoXZX2YtNfVRt:dNSDyTIkFthpP+oQcBcREPhQNft

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks