Overview

overview

10

Static

static

3

8e703e7d24...fa.dll

windows7-x64

10

8e703e7d24...fa.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa

  • Size

    120KB

  • Sample

    240424-w851hafb34

  • MD5

    bfbdc08f8ca586122c5f5cb28e525ee4

  • SHA1

    c6ee3a21878f2c2a30bbdd145b3d03c17dda55da

  • SHA256

    8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa

  • SHA512

    c06ae03b486b6b41233762901ea3f534ec7e3e7b77df17fcee955f14643f0c9ad8068e269b6ec4211ec5ef0ad21c16f9873803d610a7098e67b4a6ba2edf0f4c

  • SSDEEP

    3072:B2+28ag0SbOx2uUx5uvVntnRkezIuJK24sJ:L/kfAuyudnNR7zIRBs

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa

    • Size

      120KB

    • MD5

      bfbdc08f8ca586122c5f5cb28e525ee4

    • SHA1

      c6ee3a21878f2c2a30bbdd145b3d03c17dda55da

    • SHA256

      8e703e7d242c4a5115e7dd4b6cee81bdee887e1ad6dd463bc267c7571d435dfa

    • SHA512

      c06ae03b486b6b41233762901ea3f534ec7e3e7b77df17fcee955f14643f0c9ad8068e269b6ec4211ec5ef0ad21c16f9873803d610a7098e67b4a6ba2edf0f4c

    • SSDEEP

      3072:B2+28ag0SbOx2uUx5uvVntnRkezIuJK24sJ:L/kfAuyudnNR7zIRBs

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks