Overview

overview

10

Static

static

3

CorelDRW X...��.exe

windows7-x64

10

CorelDRW X...��.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows7-x64

1

$PLUGINSDI...rl.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    716336e6751c7a6aa4291efd610cd205_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240525-kdb86abg92

  • MD5

    716336e6751c7a6aa4291efd610cd205

  • SHA1

    16100ac2f1aec355998c061457084308da1a078a

  • SHA256

    09835679962887895235b382f4d11b8f2c06db9b4868649708c09114a6af32af

  • SHA512

    c88134779ea698ac231d4757b85b3978a407b2fcccf30b55de92a008200b6d3fa908e6556a93c36bb2644d8eeea2ede486975841c03a1116ca25a15ef26a5ef5

  • SSDEEP

    24576:V3bg5C3rUKfzseF8K4gprOiK+uZ/7oeovTiBXAGDvtxLZ+N7Gxv9LIjR:i4xcK4gprO5+A/pwC1tkGxv9LIF

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      CorelDRW X4插件包.exe

    • Size

      1.4MB

    • MD5

      8ddd801e6046e647056fd15f71b5143b

    • SHA1

      12919797eb45d5ea3e6e3dbaacb6def325466c2b

    • SHA256

      2c5c566c56b87a9abc63beb6dd6b767f00ac5e863ad312a0298a1ca8253a434a

    • SHA512

      7e02e7d47bb35d7a38761ee5f07fd45833a6f6cbb7f9e29425700e39d77e7084885a96c2d6423a70f608b3a8529fd4a0d2623ca0a24a49b2ed2647230e54da95

    • SSDEEP

      24576:RNTWVgVOr3UKfzo4FUkkg7jWiEGuZPxoMoBTcBTQGfh/xLZ+D7Gxb9LMjy:RdtMhwkkg7jWhGAPrkG1tIGxb9LMW

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/waterctrl.dll

    • Size

      16KB

    • MD5

      aefd35a23680fda066a05e4b5f6dc88e

    • SHA1

      8278021d560722701c1f3b91b85ed96bf34bed0c

    • SHA256

      bbc65291a3bcfb6559c391e251bca12d6b935a8a8de0825443642aa2b5e39e78

    • SHA512

      7ac32589e0bf8889e36184058e1f2ae0a0b6c701188ed18fbaf5b45afcff06eecb760d29e342953d50091fb14ef2ee8fb3285a1ec2c1dadec3ecea18fcfe56a2

    • SSDEEP

      192:BwgCxGHBykilusRf/D4WMJSuDVECsID01LkZVAHo4ZVZ9hOX/XDM9IHt:ijkHBeXErZhECsIDCyaH7f9h2/4s

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks