Overview

overview

10

Static

static

3

bc5eacf631...2c.exe

windows7-x64

10

bc5eacf631...2c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc5eacf631d86f4a89927a84359b8d259c9599b672853daae1d3e004186d6a2c

  • Size

    447KB

  • Sample

    240417-kb466ahh29

  • MD5

    207b809995e766fc927fadceb2469b89

  • SHA1

    c51568e83d60732194e7022352f35603560e7903

  • SHA256

    bc5eacf631d86f4a89927a84359b8d259c9599b672853daae1d3e004186d6a2c

  • SHA512

    e88a16b9872a3a9efbb3288d31c96bf5885dcae80a2ba7841b2662db62e315d50e47107af4c084f2bddb67628ebe85f775baf74f7dad5eae6cb727b46aea4165

  • SSDEEP

    6144:sVylhDxhMH6Jz92FglcSp4Y9dxIYc1AOp7QNKDjhJTviPMRf7:ndEFglcSp4sAVf7jDjhJePS7

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      bc5eacf631d86f4a89927a84359b8d259c9599b672853daae1d3e004186d6a2c

    • Size

      447KB

    • MD5

      207b809995e766fc927fadceb2469b89

    • SHA1

      c51568e83d60732194e7022352f35603560e7903

    • SHA256

      bc5eacf631d86f4a89927a84359b8d259c9599b672853daae1d3e004186d6a2c

    • SHA512

      e88a16b9872a3a9efbb3288d31c96bf5885dcae80a2ba7841b2662db62e315d50e47107af4c084f2bddb67628ebe85f775baf74f7dad5eae6cb727b46aea4165

    • SSDEEP

      6144:sVylhDxhMH6Jz92FglcSp4Y9dxIYc1AOp7QNKDjhJTviPMRf7:ndEFglcSp4sAVf7jDjhJePS7

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks