General

  • Target

    3e0587c5a6ef9e3d93ef2ba3b5a1b8a8bce694fd0d81194dd95fdab33be4775e

  • Size

    97KB

  • Sample

    221121-r71l6sec72

  • MD5

    214798861209d42fb0f170cf0ea90c90

  • SHA1

    13f6b0c5d236732a480cec31884c3b0139be1f82

  • SHA256

    3e0587c5a6ef9e3d93ef2ba3b5a1b8a8bce694fd0d81194dd95fdab33be4775e

  • SHA512

    246b1f2ae65c4d44584dd7f69b830abb4a6144894236129d2d835b0caa424e611de639f0bb0e10cb54da6d795da3b3743f37a22c0afce7b9c1320050e9b92d5b

  • SSDEEP

    3072:cH2GRj3n1umSALAOOTpA6T5Q9UDR07UW1i:G2i3n1zOym0UD0D1i

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      3e0587c5a6ef9e3d93ef2ba3b5a1b8a8bce694fd0d81194dd95fdab33be4775e

    • Size

      97KB

    • MD5

      214798861209d42fb0f170cf0ea90c90

    • SHA1

      13f6b0c5d236732a480cec31884c3b0139be1f82

    • SHA256

      3e0587c5a6ef9e3d93ef2ba3b5a1b8a8bce694fd0d81194dd95fdab33be4775e

    • SHA512

      246b1f2ae65c4d44584dd7f69b830abb4a6144894236129d2d835b0caa424e611de639f0bb0e10cb54da6d795da3b3743f37a22c0afce7b9c1320050e9b92d5b

    • SSDEEP

      3072:cH2GRj3n1umSALAOOTpA6T5Q9UDR07UW1i:G2i3n1zOym0UD0D1i

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks