General

  • Target

    4f9ef492d83c74652bf2195614cecbbd32bfc552ec08d912e63f97b383abe2c3

  • Size

    1012KB

  • Sample

    220719-1tlqjaeff4

  • MD5

    adecd5f698025ea260b8946084909fc0

  • SHA1

    a6e8b997e77326d051fce4e0a3b9177f1028aaa8

  • SHA256

    4f9ef492d83c74652bf2195614cecbbd32bfc552ec08d912e63f97b383abe2c3

  • SHA512

    6648b4442dfd6149bd4145e0390f60bc8afacd2c400ecec80c840c7d2a423e5b11fd81052fd05fae854e4ab93df9098f70ec4460354420c3849919e1707a9ec3

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      4f9ef492d83c74652bf2195614cecbbd32bfc552ec08d912e63f97b383abe2c3

    • Size

      1012KB

    • MD5

      adecd5f698025ea260b8946084909fc0

    • SHA1

      a6e8b997e77326d051fce4e0a3b9177f1028aaa8

    • SHA256

      4f9ef492d83c74652bf2195614cecbbd32bfc552ec08d912e63f97b383abe2c3

    • SHA512

      6648b4442dfd6149bd4145e0390f60bc8afacd2c400ecec80c840c7d2a423e5b11fd81052fd05fae854e4ab93df9098f70ec4460354420c3849919e1707a9ec3

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Modify Registry

6
T1112

Bypass User Account Control

1
T1088

Disabling Security Tools

3
T1089

Discovery

System Information Discovery

2
T1082

Tasks