Overview

overview

10

Static

static

3

ef71464691...7N.exe

windows7-x64

10

ef71464691...7N.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef71464691d3cd3708c47239a91dffc2fe86ad260d5189b4be116b2cdd3a7707N.exe

  • Size

    1.0MB

  • Sample

    241210-tldxdsvlcq

  • MD5

    14c057aa28de8f08e9ff1498351f6d90

  • SHA1

    ebe3b736756ca6b81752459f02cce257e3381263

  • SHA256

    ef71464691d3cd3708c47239a91dffc2fe86ad260d5189b4be116b2cdd3a7707

  • SHA512

    070b87e18df1a594c05c65e15fb3c92a99952438635df3c47c871ec2b6366e9488bf5a86e40a530321446a35edc3e85d6fcea71f751ae70797cf4a286b47706a

  • SSDEEP

    12288:MYEWcMwLfzH5BUdtsKR0yCKM8CxF7h5NGyENSrzXVoGsqACwUeCCbSzVczdDsgcx:MYUk3X5N2FXNGCrZEqACXeCXcdve1D

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      ef71464691d3cd3708c47239a91dffc2fe86ad260d5189b4be116b2cdd3a7707N.exe

    • Size

      1.0MB

    • MD5

      14c057aa28de8f08e9ff1498351f6d90

    • SHA1

      ebe3b736756ca6b81752459f02cce257e3381263

    • SHA256

      ef71464691d3cd3708c47239a91dffc2fe86ad260d5189b4be116b2cdd3a7707

    • SHA512

      070b87e18df1a594c05c65e15fb3c92a99952438635df3c47c871ec2b6366e9488bf5a86e40a530321446a35edc3e85d6fcea71f751ae70797cf4a286b47706a

    • SSDEEP

      12288:MYEWcMwLfzH5BUdtsKR0yCKM8CxF7h5NGyENSrzXVoGsqACwUeCCbSzVczdDsgcx:MYUk3X5N2FXNGCrZEqACXeCXcdve1D

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      cae8cbe148469accf1ccf9692316e8f9

    • SHA1

      64e9308e6b541ad99c6fe4dc90829c7e17794ea4

    • SHA256

      8a27ff148592c3bdd33e5e9e87b9b05f54a1c136d002746696aeb9e9bd426395

    • SHA512

      72f1c7ec5f272d51c3f712c3b03eead35c3c0540adc5cd1f27004fb659f384720aa841f32fb76ada506398be767c3851633c95755af9af3d6b8980d74cee1023

    • SSDEEP

      48:SdcTYWeApYxYlxamAWHN+EuWkGWBBWAGGrx3pMt4z8mtJ73NofYZVSA:QZWGSxamjHNDuWRWBBxrhSbmtJ73RV

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/ProcDll.dll

    • Size

      1.5MB

    • MD5

      0d360c149b2c6649637985ee8b0a90a8

    • SHA1

      2b86f26310127645bc0c758ddf1fd0f42465b053

    • SHA256

      9088ac40d822a32efaf756d4d866faa72e69070d691907adfb0dfe916ccdb05f

    • SHA512

      96342c15738fc766ce7ea65b5c4a18829d68cc65f1ce931733820d9c9bda4e8bf570f90e26726b063eeddfc40bf454c6ae7751936c5d085cbc03d7f6989f7091

    • SSDEEP

      24576:PeQZyM8hOwcMRkASS2dTY1cPycfaxS0EwkNSoTo54Qh+ba3UdyjfDIvvIYu6aQjW:5y5hBSI1cPyO90kdycJuwj2Km

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks