General

  • Target

    a03afce8a00ddd4b5d8c9d05403363c9

  • Size

    429KB

  • Sample

    240216-nascrahe31

  • MD5

    a03afce8a00ddd4b5d8c9d05403363c9

  • SHA1

    d34612340ce214e0633a58c3e5c54727e98e94f2

  • SHA256

    57e1bc5c9e6dba152c14cb933ba2a05c25703ac35b902cc260de61e8e1d70909

  • SHA512

    1fecd50d5c4f32a6d3329c552ddb267f23ca7072c9a14d4c0746cf258720bbd8d82c25df0f6ff90b56d6a9d77a35364a711702980de11411f8f9626e7dbca582

  • SSDEEP

    6144:YmEI6sSIRRepQN1EzwmlBR9r99yj51txISHQxx3U+s36xSYTbx/9lxH:YmE/sSILeQ/Kj9KWSwx3jo6wYzPH

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      a03afce8a00ddd4b5d8c9d05403363c9


    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      1be3fc5971da6f9b86843d0763912fb6

    • SHA1

      e921bfa5b330102630420007a63fde0c439f0cdc

    • SHA256

      89ed50600e7046184f80b2a20b5299f35a0439fab1ad1f9f5fc55606955b6186

    • SHA512

      99e5a4e888c6cbd2b67464162516aec5a564447fec389012acd8873aa6312020bfe5f0d68e83f54a7320355c5f828f7769f666d5cfd12f2ceed02a6d5b66dc4d

    • Score

      3/10

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      410a586735f45164c86bda363ad8446f

    • SHA1

      a68d18a8c72ffaa8f8d9ed9f76ea9b0ed397821b

    • SHA256

      b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005

    • SHA512

      d12083f67df132b2be57c202601a0cf82dba4c234910e780d2723aac14ae68407b824405b04737b55104bc97750550a3271a944d647661b067ce134075e6cc2a

    • SSDEEP

      48:aYZT4WeApYxYlxamAWHN+EuWkGWBBWAGr9SdLB8m+ofYZVSA:JCWGSxamjHNDuWRWBBWvmuV

    • Score

      3/10

    • Target

      $PLUGINSDIR/RrimoRedist/pxsetup.exe

    • Size

      70KB

    • MD5

      4ee24c7fd67b098431c951db7686bd19

    • SHA1

      5b14bed150ea0bf619b938ce94b9f32b02a6aadc

    • SHA256

      0f445c4b76bc309a940d5f4ba615bef1dcefbc0d160f3a8d06e0038160d9b4af

    • SHA512

      7853bcd7482b85ab362935060506a1b44779946e9428838a1c95cc54fcbf94058ed9c2101b5c4e3114ed125b88692ed694b394ff94ecc8d88c39b57bb21f08f8

    • SSDEEP

      768:hAU7HRAGh50RWvgd01Q1xBovT0/TYJ1BJ5dylihjtJaQ6GUfcY00YeCGL+Hbmpmx:hA11u+BovTcYJt57jtJjqcYLLCG0mIx

    • Score

      4/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f7b92b78f1a00a872c8a38f40afa7d65

    • SHA1

      872522498f69ad49270190c74cf3af28862057f2

    • SHA256

      2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

    • SHA512

      3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

    • SSDEEP

      192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsis_chklist.dll

    • Size

      21KB

    • MD5

      2b18cb4be9405caa2831340668a21d1f

    • SHA1

      55f0d3e2e2913e54ddd76252f06feb370040cab3

    • SHA256

      b6b46b0d52d44ed6ea72429c43394d8fd23d41b01d237428c070fb344d16515a

    • SHA512

      c48cd7090e93cb90dfed8442a0d068a077f815641968a2615f767c9cbf020c3aaad2387cda1aba6768b2f5b346c779e29e40a6da6066ad2c28f29bb43505ea9d

    • SSDEEP

      384:4OHLSN94SOiUJ+4lpGwMTFVUWLuXiyKnC6qTNqRS4XIaFfCzREsyExgsfrEu:4ySN943iljFO5XjIFRS4Vf9s9NzEu

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsis_winamp.dll

    • Size

      4KB

    • MD5

      1e1ded1cf1c69852f2074693459fb3b5

    • SHA1

      81b165cae4d38a98760131989fdd8aed2c918679

    • SHA256

      5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

    • SHA512

      a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

    • SSDEEP

      48:SEdAWvTa5HlE1m198EqtjbglT68HY06mzWB+wUKCmMpzm7n4/ZS9:LA2a5Fcm198EqtjMlv47mzWBVgaj4/w

    • Score

      3/10
