General

  • Target

    0c4d6f60de304f1eab29289762e37e1599bf625324c9644c5434e17fe781f871

  • Size

    91KB

  • Sample

    221123-vvlh9sda21

  • MD5

    05ccbe78b8169ca35e14933e73a52939

  • SHA1

    6b584415a8f976d1b6fc6aa41881c2dd1ba50b70

  • SHA256

    0c4d6f60de304f1eab29289762e37e1599bf625324c9644c5434e17fe781f871

  • SHA512

    e7b9ac94772bbf2ce8429452e21508770b62125627dc0c4b6bf77a29c8e1d7f33892fde896d19bc1547952d1557bf0919d2f62951ff79701ff89654a83e6b04d

  • SSDEEP

    1536:dyD8SId/9ztODihwpBKWgGXeDSaI4Y6b0W37K0GR7TMTomTpONjgZYU3YIVV+wcg:ddSSVUGhIjXeD7zb137KJWPpONtzIgCP

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks