General

  • Target

    137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c

  • Size

    550KB

  • Sample

    221123-tbdtmsgf41

  • MD5

    439efae84238ce54fd613fa3268d4e06

  • SHA1

    b6e6c16bf1b53368f503aaf2e189bba809cec5ee

  • SHA256

    137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c

  • SHA512

    a9c17968eabdc8fef199c9b255f48c92112f1b5c0d173b3921ed00e23c82a08d47784ebcc00c03c0a3682c4d60e30de43af0911a93f4ccae2e0c59b247b0609d

  • SSDEEP

    6144:u9Mtzp5vblDqMCYghSWYg8aKYEFjdc555WMHSYgIxs6HGSYEU5B3A+Owq:mMtvzlDxihSS8aKQ7yYimFYbbA9wq

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c

    • Size

      550KB

    • MD5

      439efae84238ce54fd613fa3268d4e06

    • SHA1

      b6e6c16bf1b53368f503aaf2e189bba809cec5ee

    • SHA256

      137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c

    • SHA512

      a9c17968eabdc8fef199c9b255f48c92112f1b5c0d173b3921ed00e23c82a08d47784ebcc00c03c0a3682c4d60e30de43af0911a93f4ccae2e0c59b247b0609d

    • SSDEEP

      6144:u9Mtzp5vblDqMCYghSWYg8aKYEFjdc555WMHSYgIxs6HGSYEU5B3A+Owq:mMtvzlDxihSS8aKQ7yYimFYbbA9wq

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks