Overview

overview

10

Static

static

3

fbd002456b...aN.exe

windows7-x64

3

fbd002456b...aN.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbd002456b49aa1c9609ad4b515c54b3663ed95cc7663b47ef8bcd9a03f7e85aN.exe

  • Size

    137KB

  • Sample

    241205-w913yawpgz

  • MD5

    b5188b98b7fc66b469e562953a69cd00

  • SHA1

    4a8ad0a8daa964473424b3f0efdb078df17027fd

  • SHA256

    fbd002456b49aa1c9609ad4b515c54b3663ed95cc7663b47ef8bcd9a03f7e85a

  • SHA512

    ae1dc8d867361811d8b5bf0bd016560fc465bc5c37dc6a6903d87f0c608205e2c2881c8515037bd3b68c31ca0529d5830882146c4d563ad54a53ec53fb0a4b91

  • SSDEEP

    3072:GLk39ahYXJYRZGpk3DX3GqmSDOfXJnUHVXjo/BIw3gBX5P/wD:GQTioa3GuDOf9URjo/n3gt5P/S

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      fbd002456b49aa1c9609ad4b515c54b3663ed95cc7663b47ef8bcd9a03f7e85aN.exe

    • Size

      137KB

    • MD5

      b5188b98b7fc66b469e562953a69cd00

    • SHA1

      4a8ad0a8daa964473424b3f0efdb078df17027fd

    • SHA256

      fbd002456b49aa1c9609ad4b515c54b3663ed95cc7663b47ef8bcd9a03f7e85a

    • SHA512

      ae1dc8d867361811d8b5bf0bd016560fc465bc5c37dc6a6903d87f0c608205e2c2881c8515037bd3b68c31ca0529d5830882146c4d563ad54a53ec53fb0a4b91

    • SSDEEP

      3072:GLk39ahYXJYRZGpk3DX3GqmSDOfXJnUHVXjo/BIw3gBX5P/wD:GQTioa3GuDOf9URjo/n3gt5P/S

    Score
    10/10
    discoverysalitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks