Overview

overview

10

Static

static

3

a19006698c...eN.dll

windows7-x64

10

a19006698c...eN.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a19006698c5ba025a6dc155b3738ba2616fe50692dc96de8984d68fb8e38cd7eN.exe

  • Size

    120KB

  • Sample

    241210-26hp3stqgx

  • MD5

    99b348c619b4698238fa89e1f3fabad0

  • SHA1

    f1cfc5816595c0afacab7aeb353734a94018c372

  • SHA256

    a19006698c5ba025a6dc155b3738ba2616fe50692dc96de8984d68fb8e38cd7e

  • SHA512

    f6ef0b14c11592ff38619fe9c70fc21b2e6ba9ed574b9c3eb6a771ebc7dcd3fdde3ee85d09cacb70f216cd1c64de0b5fef3a45bc80f20bebcb572b43a976517c

  • SSDEEP

    3072:Z5Bll+AaOozzyXp58QM7RTYucpECyddayRqjU1GFiiq9b:jBGp8CQM7xYtErwyc5q9b

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      a19006698c5ba025a6dc155b3738ba2616fe50692dc96de8984d68fb8e38cd7eN.exe

    • Size

      120KB

    • MD5

      99b348c619b4698238fa89e1f3fabad0

    • SHA1

      f1cfc5816595c0afacab7aeb353734a94018c372

    • SHA256

      a19006698c5ba025a6dc155b3738ba2616fe50692dc96de8984d68fb8e38cd7e

    • SHA512

      f6ef0b14c11592ff38619fe9c70fc21b2e6ba9ed574b9c3eb6a771ebc7dcd3fdde3ee85d09cacb70f216cd1c64de0b5fef3a45bc80f20bebcb572b43a976517c

    • SSDEEP

      3072:Z5Bll+AaOozzyXp58QM7RTYucpECyddayRqjU1GFiiq9b:jBGp8CQM7xYtErwyc5q9b

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks