General

  • Target: 7c620f942fa9513eb0d2dcff718be048
  • Size: 364KB
  • Sample: 220830-x18xvsegfm
  • MD5: 7c620f942fa9513eb0d2dcff718be048
  • SHA1: d61531c62747ce614356a3f31e905e774967c3ce
  • SHA256: a0bda609a6ecaadcf5c6dced3f6fc53a4aa83fa3feb78bf2e64612ab69e37310
  • SHA512: e319dacbcb1580cc06d7d772138b7e2ce38840cb6bb5832c2ed138c160404af9726bcc3db71d1fac91d51971d2f8fe945d3c4adb16213dc744d757f931477a3b
  • SSDEEP: 6144:EyH7xOc6H5c6HcT66vlml/SI01Jq3ggxDDwCkTTgPdFnYOR/gBbf5k7Yqd0rqxBA:EagCkD3bgBbRk7YYzErSI5

Malware Config

Extracted

  • Family: sality
  • C2:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif

Targets

    • Target: 7c620f942fa9513eb0d2dcff718be048
    • Size: 364KB
    • MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above

    • Modifies firewall policy service
    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass
    • Windows security bypass
    • Executes dropped EXE
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Loads dropped DLL
    • Windows security modification
    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, then technique (technique ID): number of matching signatures

Persistence
  • Modify Existing Service (T1031): 1

Privilege Escalation
  • Bypass User Account Control (T1088): 1

Defense Evasion
  • Modify Registry (T1112): 5
  • Bypass User Account Control (T1088): 1
  • Disabling Security Tools (T1089): 3

Discovery
  • System Information Discovery (T1082): 1
