General

  • Target

    2024-02-16_a33c5d4ac7ac9fad76d5bc2178ccace3_magniber

  • Size

    2.1MB

  • Sample

    240216-s8y1each6s

  • MD5

    a33c5d4ac7ac9fad76d5bc2178ccace3

  • SHA1

    1e0255b736db7fa4214003aa12716f8e59d75066

  • SHA256

    b478c984d3723dc03f08b5f98dc28c4e9af01af42d3cc1c8a09471e9d9011ed0

  • SHA512

    d74e2ba52687d31dabd5f7751ac12a39096b9ee61b20c8c7feaebef93b3f3e881a528a5b8d91ac950794cce0d2ee1e41b13dbf1512bfca7a0e4d471475809d44

  • SSDEEP

    49152:V0r4wrcRjV4WcxG2SnksRH4givBA1N8IQgZmtf/nnH:S8woRj9cxGxkq4/vBAIIQXnnH

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      2024-02-16_a33c5d4ac7ac9fad76d5bc2178ccace3_magniber

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks