Overview

overview

10

Static

static

3

e83a873af9...de.exe

windows7-x64

10

e83a873af9...de.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e83a873af960a432da3e5df827f9a2a1fa45e2002a065656247055dd2e914dde

  • Size

    775KB

  • Sample

    241205-m3djmaxmcm

  • MD5

    eb353cc031d5fc0dfd16b26ba43d8a31

  • SHA1

    0df106f6f40554fc45e2ebe9dbfe5baff3a69601

  • SHA256

    e83a873af960a432da3e5df827f9a2a1fa45e2002a065656247055dd2e914dde

  • SHA512

    121c8c0b0933f2c42197dd9ad4fa4f0856f29ec0334dda8222b3f7b62de968b1d99a4aa5b1dfb3334287cbc6276283cbd3ae420d9549282f330e4392c009ac12

  • SSDEEP

    12288:L1V4L4PCtGDtlLJgsGov6gYAMkZ6XlwAcMs+50tgAakT7hs5fDDbbjmh8Q0ukCEh:L1VUQDtlLJg3oH6XKAsCI/Akdos92

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      e83a873af960a432da3e5df827f9a2a1fa45e2002a065656247055dd2e914dde

    • Size

      775KB

    • MD5

      eb353cc031d5fc0dfd16b26ba43d8a31

    • SHA1

      0df106f6f40554fc45e2ebe9dbfe5baff3a69601

    • SHA256

      e83a873af960a432da3e5df827f9a2a1fa45e2002a065656247055dd2e914dde

    • SHA512

      121c8c0b0933f2c42197dd9ad4fa4f0856f29ec0334dda8222b3f7b62de968b1d99a4aa5b1dfb3334287cbc6276283cbd3ae420d9549282f330e4392c009ac12

    • SSDEEP

      12288:L1V4L4PCtGDtlLJgsGov6gYAMkZ6XlwAcMs+50tgAakT7hs5fDDbbjmh8Q0ukCEh:L1VUQDtlLJg3oH6XKAsCI/Akdos92

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Downloads MZ/PE file

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks