78aefd46d31f2bb67f0b9bd0d831f10f21bfd9d44b9deebcfa52c45e85a72473

Sharing

Copy URL

Twitter E-mail

General

Target

salinewin.exe source code.zip
Size

11.9MB
Sample

240526-trvr4adb68
MD5

2a2aed5bbdbffbe427fae0495b39c303
SHA1

5443a547a7c6b921b50bf5bbc4348fa506f0b05f
SHA256

78aefd46d31f2bb67f0b9bd0d831f10f21bfd9d44b9deebcfa52c45e85a72473
SHA512

988ef2a1e45c55e4d9ed3e268af6d80c3cc39e2ffed4639693e2d610669b84b077394fdef7eabb978ed985b21586f40ee0e09f211c243e65d62e398007baee89
SSDEEP

196608:hk9XnGC99OO2DCvqZh2KgHwLGjbk+EA3GzSSLFSVkhI+QdJ6EnxBkmYtW2mc86EI:hk9Xn9WrSH8mbknZLFSVkECGCJaaoXnK

Score

8^/10

Malware Config

Targets

- Target
  
  salinewin-safety/Release/salinewin-safety.exe
- Size
  
  245KB
- MD5
  
  601283c004aa6e4bcebfb6e844eb653c
- SHA1
  
  9c3dde5abd1056497f03f5ae5a3dc6ffed1028cf
- SHA256
  
  279a19315055e93a80c558bf9d9a7c8b4aba8fc8f8f3e812df8619e959abbcae
- SHA512
  
  feeaebc7c097c724f0cea539729729a7512eb0c75c45b7395cd1d7b3ab643f11fb8b941373b30b12d14b837ff53793fdf49fd70f524c9f6391285d62cf4a7c06
- SSDEEP
  
  3072:0Rz5n9Sae432oSLsMT3myjTvoTboVEBZP5pHQpYR95WPNp1wH:0T64a74LZPPHQpY35WPNpW
Score

1^/10
behavioral1 behavioral2
- Target
  
  salinewin/PayloadMBR/Create.bat
- Size
  
  397B
- MD5
  
  61e988b23f22b1c21626df02ca92b010
- SHA1
  
  bd60038f968325dbe556f583d0ae7ea306c6d332
- SHA256
  
  05a3a4faa2422e5d923439f6bafb331e0c1a2a2a334f376bdda6a49feef90e09
- SHA512
  
  cbc564bd2af5b901cacb2114ab26a4dce12575a3e6a2fb20547adfef0605b2481020faa9837556fcec3fbecee146ce373905535f58c86a8f1d81e624574b2538
Score

1^/10
behavioral3 behavioral4
- Target
  
  salinewin/PayloadMBR/Programs/QEMU/SDL.dll
- Size
  
  1.0MB
- MD5
  
  cea03998e710dc5bfc4954cde440333d
- SHA1
  
  a6490955fa171fd85a6e64d06642e129493c7ba4
- SHA256
  
  0cce4795789a49c433d7f9d1ce7663f265f948f672ebde5fec41f2447fcd8741
- SHA512
  
  c2aa76413fa9526abad2a3a61f3d0595027df32bcb7e0005a654625a7c894f386563d277ccda89d6eb96fdb869d262252927cfdf764c26c2dfd5cc966d23cfa3
- SSDEEP
  
  12288:lFqs6ZgPvI6bw3uJwV/MRb2F6t1YAG7S86OIYO8iJghIQoXk6MEgw4u8XcQexssC:lFqs6gvIgoYSF6vE7CwoQ6LwUGdL
Score

1^/10
behavioral5 behavioral6
- Target
  
  salinewin/PayloadMBR/Programs/QEMU/libcurl-4.dll
- Size
  
  295KB
- MD5
  
  baae54b1157b4c9587cceb4680b13da5
- SHA1
  
  939642b482d3e7697cec88d11aebc07bb076c2d1
- SHA256
  
  cde6e2b58641afd108ae2606337a71775021127a6109d6d64eadb056ca4598b7
- SHA512
  
  433f411f740bb2978a47776fa856874717531985ca3bfbf17cb2f6d1e106585132a7a90ef7b803a10f1293aaad63f2264ee8a8aea2806593d6944e189e0ff813
- SSDEEP
  
  6144:wK0GMvBI/QtKUbp9pDKRCzKuGpHTBI9yAR17rRH:wKEvB7Ke9pDXgHTdm7dH
Score

3^/10
behavioral7 behavioral8
- Target
  
  salinewin/PayloadMBR/Programs/QEMU/qemu.exe
- Size
  
  2.5MB
- MD5
  
  98dfea60ecff618c2940823119a279b4
- SHA1
  
  aab26cb098fdb76a4643044f494d9b09a7796038
- SHA256
  
  fa2255e47506aa291b59f003b298b98b4ab50b4138a0be87fcbdc5a90696b9bc
- SHA512
  
  306d9a66a0209d4c805fafbfbff88a9788574ab4999956fd03cda784a67b8dab2fb5d02ca0a7bdf269c7efc1e4564c0bd2f2e1c610ddf54b401c89e705d8613d
- SSDEEP
  
  49152:mH1QTnKjzdXskm4AwiiBfFS28OSNI6EsGC+T:mSLKjRXskmPwLBfFGOSNhEsGC
Score

1^/10
behavioral10 behavioral9
- Target
  
  salinewin/PayloadMBR/Programs/compress.exe
- Size
  
  50KB
- MD5
  
  884e43a197998dfeac6865c525321935
- SHA1
  
  32c27b036332e795fbe1060bcb43fe84468e423b
- SHA256
  
  abccc981147d5f9b43463e0f9ec6b7f168b7444626048c6c6a1c4dd7f8137096
- SHA512
  
  558d587ec0d0f07555d13d9d3262dcfdd5c344d735a2b5220356554467f255c42345b2b2443ea373537a9c4098c66ad0368fb8b2c62dd1922308276df5a3775e
- SSDEEP
  
  768:K4u2i8xCuM5AFEApuz7WHLeEA6vyFuu8A5U:ru0MApuereN6j
Score

1^/10
behavioral11 behavioral12
- Target
  
  salinewin/PayloadMBR/Programs/nasm.exe
- Size
  
  1.2MB
- MD5
  
  288f2be6334f4ea09abf3209166f9ac1
- SHA1
  
  c6c613aea50ee2f51518b2e5e0e1041ee101beb5
- SHA256
  
  442f6f984804c2e08c151f5565c2fdddda3a899d8e380512f271a3edbbf34cb4
- SHA512
  
  470ad18548d290bfbe4de768258ac6fc0863d28f4ad5bd8d169cff0d84f1326fb33351c5549c8f888258a7226ad8701ec2d913a8de300a96333403d60a510baa
- SSDEEP
  
  12288:dzMVtmYR2GGsxc7rjzWzzEqGc3I/Iga5/:dQCYEGGsxcvjzWX5/
Score

1^/10
behavioral13 behavioral14
- Target
  
  salinewin/PayloadMBR/Programs/png2bin.exe
- Size
  
  8.5MB
- MD5
  
  c6f98ceec41c080120ebd6121fab72a1
- SHA1
  
  d4e06fafc5807055acccad44bf31031f765868f7
- SHA256
  
  b6f3a0a6345932dca7df51b7cd7ec56d9c4fee9217772c4fd3efd8a37547a413
- SHA512
  
  06d8a957d3f69cb89e4172e11b0c3f6377dfacfd119d7da364781cff18edcfe04b2f5a6c8741088241fe3b9c2cd5c5b5c6112e0ff90e94e160a46caecea56f24
- SSDEEP
  
  196608:rgF+h90+7s8H9EmtqZiIP/Kr1zBB0PTAjQDCwkWt5JvVlkzKssOZK:rgF+h9fBGvrY1lOXHkW3O2ss
Score

7^/10
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  salinewin/PayloadMBR/Programs/png2bin.py
- Size
  
  1KB
- MD5
  
  32dfd28117b185e4870eaf506bb38af7
- SHA1
  
  b3f3572f0f4403d90889ee5cae7f0774759a1328
- SHA256
  
  f12bf9386320e3bf1419cc0227430d86c280d40a855b35aff36939f0396b11c7
- SHA512
  
  247b2ab09495f1a596bfcd567df5a39742591164b1472fd5e6c13d02dbcef0906212a8c06ddfdc8233e11af01cbf8b32536fff1550d7dc7599153d55edcf974d
Score

3^/10
behavioral17 behavioral18
- Target
  
  salinewin/Release/salinewin.exe
- Size
  
  283KB
- MD5
  
  2b1e9226d7e1015552a21faca891ec41
- SHA1
  
  f87fcbe10fa9312048214d4473498ad4f9f331ce
- SHA256
  
  7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada
- SHA512
  
  1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e
- SSDEEP
  
  3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Disables Task Manager via registry modification

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20