General

  • Target

    2024-02-16_19fcb3ebad39e882cb8b6eda9ed0d461_magniber

  • Size

    3.9MB

  • Sample

    240216-r2eshscf49

  • MD5

    19fcb3ebad39e882cb8b6eda9ed0d461

  • SHA1

    9b5dd8057555a1316bbcd650fa75a00f4b651a11

  • SHA256

    2ea66b8fc2108326b629ba5ba00964e19f5f457b2546b2d01ac14f1470b6a6bf

  • SHA512

    7efea6178249a0ab9abf1a32e4bdc748447bcd221cd574f0ef308897bba0d4ba501a5b3a953910dda79807db61a23d343f6af7155c9ad645a50420eb1f6a5604

  • SSDEEP

    49152:aNlIBciRNuXuERr0xdRIAOChDJNaSks97KROdp2FUNe/RmX4OOZ5B0s8XgkmWuTk:aNlIB3RNIYGABDJNiOOd0TPmeRILh

Score
10/10

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif

Targets

    • Target

      2024-02-16_19fcb3ebad39e882cb8b6eda9ed0d461_magniber

    • Size

      3.9MB

    • MD5

      19fcb3ebad39e882cb8b6eda9ed0d461

    • SHA1

      9b5dd8057555a1316bbcd650fa75a00f4b651a11

    • SHA256

      2ea66b8fc2108326b629ba5ba00964e19f5f457b2546b2d01ac14f1470b6a6bf

    • SHA512

      7efea6178249a0ab9abf1a32e4bdc748447bcd221cd574f0ef308897bba0d4ba501a5b3a953910dda79807db61a23d343f6af7155c9ad645a50420eb1f6a5604

    • SSDEEP

      49152:aNlIBciRNuXuERr0xdRIAOChDJNaSks97KROdp2FUNe/RmX4OOZ5B0s8XgkmWuTk:aNlIB3RNIYGABDJNiOOd0TPmeRILh

    Score
    10/10

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks