General

  • Target

    24ed76901c763ac9c7d9d36b87aa9a08d73cfcdb927c2ea8351a0cabf348b5cf

  • Size

    156KB

  • Sample

    221002-fn7qlahff8

  • MD5

    6435bdd83efce1b89f2995938041ff40

  • SHA1

    0c64d1f6d1793c2cb3ceb9e20813b0c80658faa1

  • SHA256

    24ed76901c763ac9c7d9d36b87aa9a08d73cfcdb927c2ea8351a0cabf348b5cf

  • SHA512

    22033f5b00dc0d30d987e8e27baefcd772efb32b4945971d1fd58976b1867b75b5eab69e9f814bb59311b7447aa21c42ec5c1f0893cd58d2f0779d247c318090

  • SSDEEP

    3072:sr85CkksPi1pVARlzldese92Z4xULa1jshZpwD:k9kVPi1glVLMohZ

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Windows security bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification
