Overview

overview

10

Static

static

3

188404124e...6a.exe

windows7-x64

3

188404124e...6a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    188404124e80dd746f7a3eef0e3c058f3ca20a28f61e05e0e874d9d3d8766f6a

  • Size

    11.5MB

  • Sample

    240331-rax5sade56

  • MD5

    28888bd9ca38693de7a63b68b49ea57e

  • SHA1

    33386637a11a825a77d38336f6435199d460b1f4

  • SHA256

    188404124e80dd746f7a3eef0e3c058f3ca20a28f61e05e0e874d9d3d8766f6a

  • SHA512

    9f6ff1be7bc3e164c2a975213d77bc6bf5f2db35246758bf9c9eb7b40241b0d096e4e32c329abc4adba1eba8da20e9d1b8711ed9803b454aee8386bce57a9962

  • SSDEEP

    196608:vwwmggPmkzg3h4kwDy9cWWfIqw2XRJ2NFEzvwr3RDjRJQLY1vaWoA7fxFgRg8y:vjqx0R9kyTWfnwkRINmTyFjILcvabArL

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      188404124e80dd746f7a3eef0e3c058f3ca20a28f61e05e0e874d9d3d8766f6a

    • Size

      11.5MB

    • MD5

      28888bd9ca38693de7a63b68b49ea57e

    • SHA1

      33386637a11a825a77d38336f6435199d460b1f4

    • SHA256

      188404124e80dd746f7a3eef0e3c058f3ca20a28f61e05e0e874d9d3d8766f6a

    • SHA512

      9f6ff1be7bc3e164c2a975213d77bc6bf5f2db35246758bf9c9eb7b40241b0d096e4e32c329abc4adba1eba8da20e9d1b8711ed9803b454aee8386bce57a9962

    • SSDEEP

      196608:vwwmggPmkzg3h4kwDy9cWWfIqw2XRJ2NFEzvwr3RDjRJQLY1vaWoA7fxFgRg8y:vjqx0R9kyTWfnwkRINmTyFjILcvabArL

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

4
T1562

Disable or Modify Tools

3
T1562.001

Disable or Modify System Firewall

1
T1562.004

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks