Overview

overview

10

Static

static

3

迅雷极�...��.exe

windows7-x64

10

迅雷极�...��.exe

windows10-2004-x64

10

Program/XLUserS.dll

windows7-x64

3

Program/XLUserS.dll

windows10-2004-x64

3

迅雷极�...��.url

windows7-x64

1

迅雷极�...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77a4ad23a43a33f99f82a6f3fc968e47_JaffaCakes118

  • Size

    18.0MB

  • Sample

    240527-c6aa9sdd5w

  • MD5

    77a4ad23a43a33f99f82a6f3fc968e47

  • SHA1

    096e599ce31bcfa1a6fa644f3e69811a2604b572

  • SHA256

    842d0663926d5baf42cfa46ccca5e0d69e0ef109d07da57ea45e3ab43c4a305e

  • SHA512

    48d2904d8269acba36c50bbe1e3efda0db94dfcf9b960a3d30900f8e5dcc62ca30e52e444757b93c309c8cf7345a29dbd8f3dfde62f992bf83c5add05458b3f6

  • SSDEEP

    393216:wqez5RytyjmvB3ny5sexXZj8JY4YGUTa1U3fdaPM:wqe9RytuoJny5vJRAY4YAy31d

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      迅雷极速版1.0.1.16星空不寂寞优化本地VIP6版/迅雷极速版1.0.1.16星空不寂寞优化本地VIP6版.exe

    • Size

      18.0MB

    • MD5

      e252feaf7743218c0c64abbd4c9b057a

    • SHA1

      458027ac825b4f7063f1f80c984b477a4dc99644

    • SHA256

      54a14caa48d87a1be852320f8cedf5dbe0bc78a3bfb3e1ac06686b80d8e36351

    • SHA512

      3a733d32b71b28a2661d355b387842f8362e57a170aa3bffa8beb6e84611be8f273cc4b2b4277f704051e00d9e735b57d904a97c3353e48b8c25b896dd1081b1

    • SSDEEP

      393216:qqez5RytyjmvB3ny5sexXZj8JY4YGUTa1U3fdaPS:qqe9RytuoJny5vJRAY4YAy315

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      Program/XLUserS.dll

    • Size

      10KB

    • MD5

      298a55f67d833bb4098c207585f61e8d

    • SHA1

      0ccba896919d490af86b39a7b331bd0eae335429

    • SHA256

      6172aab4af8168637ece72bc6464166f144538beb425952e4085cbbe28a033ca

    • SHA512

      b64b0a0df7e9da31d237adea48d0feb93796cb1d5a1a01deb71cb13dd218bfaa8a991e0ccde396198c7d55d066eabf277ff1c4e32db80641bccfd679611c8a41

    • SSDEEP

      192:zzF86tZDWrepiJLEqUErRtdD4fUuMZwt2h8sIGO2x9:zh8TLLweSfUuM0GOC

    Score
    3/10
    behavioral3behavioral4

    • Target

      迅雷极速版1.0.1.16星空不寂寞优化本地VIP6版/飘荡软件.url

    • Size

      328B

    • MD5

      e97aad722245bfc4a60be0e6f453be6f

    • SHA1

      c7b7c9585109f71526ed65616668ef7573841d9a

    • SHA256

      3f6b8de5ca595a2e7371396fcb22b303e0f664733aabc940657c33324d5f269a

    • SHA512

      f151b723079fc09ac4b44c540b278b8c273f3958d5b661a6b30e31b119dca6d017ab0f987c52c60cc46e917ef9626e943971017d8e1dfe11c4cf27b93a2c772a

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks