Overview

overview

10

Static

static

3

cd0ecbf8c3...3N.dll

windows7-x64

10

cd0ecbf8c3...3N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd0ecbf8c35eb287fa199a68240bb877ec2ce528a4bb218046299d47cb4e4c83N.exe

  • Size

    120KB

  • Sample

    241216-qe8awa1mb1

  • MD5

    05ffaeea0d400aca041ca498597a9fa0

  • SHA1

    9d7719f217b7b57793afa6d7f994ba6f68cc6f92

  • SHA256

    cd0ecbf8c35eb287fa199a68240bb877ec2ce528a4bb218046299d47cb4e4c83

  • SHA512

    9c83321e2c00b7085077638a6b799ad9886ab2c000ce13cd1814aae9ab9f4d36a51f6507f05fcfa99a7268edc6aeaab78235eaac6c443598f3255f95a4118cfe

  • SSDEEP

    3072:OH6U/8FECn5S970ifAdZYweI5MBIjnvI:OH6VFECnW0COZXeg7vI

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      cd0ecbf8c35eb287fa199a68240bb877ec2ce528a4bb218046299d47cb4e4c83N.exe

    • Size

      120KB

    • MD5

      05ffaeea0d400aca041ca498597a9fa0

    • SHA1

      9d7719f217b7b57793afa6d7f994ba6f68cc6f92

    • SHA256

      cd0ecbf8c35eb287fa199a68240bb877ec2ce528a4bb218046299d47cb4e4c83

    • SHA512

      9c83321e2c00b7085077638a6b799ad9886ab2c000ce13cd1814aae9ab9f4d36a51f6507f05fcfa99a7268edc6aeaab78235eaac6c443598f3255f95a4118cfe

    • SSDEEP

      3072:OH6U/8FECn5S970ifAdZYweI5MBIjnvI:OH6VFECnW0COZXeg7vI

    Score
    10/10
    salitybackdoordiscoveryevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • Sality family

      sality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks