General

  • Target

    66730c2a8a08a22af875947d238833ca1b5a6740b9bd7d91a4031e2e5b27898a

  • Size

    208KB

  • Sample

    221028-yandxacef8

  • MD5

    0c0091d1f7212ab6768331710da6c910

  • SHA1

    48e0924c7d3ea12e46553b760dc174b9de2886f4

  • SHA256

    66730c2a8a08a22af875947d238833ca1b5a6740b9bd7d91a4031e2e5b27898a

  • SHA512

    112b24c3347555b71b5299067987b9989ce103c4d09f4634b5660bdc1632bcb6e19b8993836e977a7abf75d84c5bc8014661069927b4b55f4034fefa11c5e95e

  • SSDEEP

    3072:ENcFWi6oqmDtL+qvFuhjpGbpV4kHs2vhVychwRcUpU1LFdrySKWiF:kiDEoXhwnWBdeSjo

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      66730c2a8a08a22af875947d238833ca1b5a6740b9bd7d91a4031e2e5b27898a

    • Size

      208KB

    • MD5

      0c0091d1f7212ab6768331710da6c910

    • SHA1

      48e0924c7d3ea12e46553b760dc174b9de2886f4

    • SHA256

      66730c2a8a08a22af875947d238833ca1b5a6740b9bd7d91a4031e2e5b27898a

    • SHA512

      112b24c3347555b71b5299067987b9989ce103c4d09f4634b5660bdc1632bcb6e19b8993836e977a7abf75d84c5bc8014661069927b4b55f4034fefa11c5e95e

    • SSDEEP

      3072:ENcFWi6oqmDtL+qvFuhjpGbpV4kHs2vhVychwRcUpU1LFdrySKWiF:kiDEoXhwnWBdeSjo

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks