General

  • Target

    dc75bff59aec501be8b988435af31130f25469d19941e95b1a07e155938552b3

  • Size

    139KB

  • Sample

    240327-blybxsbg2y

  • MD5

    2228911c83dab557c4c8719562855466

  • SHA1

    6d1cc51e9f0d2b6a4629781430b959a406e26a11

  • SHA256

    dc75bff59aec501be8b988435af31130f25469d19941e95b1a07e155938552b3

  • SHA512

    3cd2a17a6a2c69b1ed14f35d6107ef7dde1e86cc842f3da9fdee5326fedcd8e6063faa480baa3d64ef45f6e4ed94f7ff0db76c451e9f04d25e07084302dbf3f4

  • SSDEEP

    3072:VdVgTNUfQ8AVoGMsuxQwe02lxvjdsePRkxcC6QEoK9t:VdVgTNUfQ80b02nvjdseOmdQEl9t

Score
10/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      dc75bff59aec501be8b988435af31130f25469d19941e95b1a07e155938552b3

    • Size

      139KB

    • MD5

      2228911c83dab557c4c8719562855466

    • SHA1

      6d1cc51e9f0d2b6a4629781430b959a406e26a11

    • SHA256

      dc75bff59aec501be8b988435af31130f25469d19941e95b1a07e155938552b3

    • SHA512

      3cd2a17a6a2c69b1ed14f35d6107ef7dde1e86cc842f3da9fdee5326fedcd8e6063faa480baa3d64ef45f6e4ed94f7ff0db76c451e9f04d25e07084302dbf3f4

    • SSDEEP

      3072:VdVgTNUfQ8AVoGMsuxQwe02lxvjdsePRkxcC6QEoK9t:VdVgTNUfQ80b02nvjdseOmdQEl9t

    Score
    10/10
    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks