General

  • Target

    2024-02-18_7a244ee41ee9ec8e9db66897bac70fca_magniber

  • Size

    4.1MB

  • Sample

    240218-p266naab6z

  • MD5

    7a244ee41ee9ec8e9db66897bac70fca

  • SHA1

    3b7e3a2f19a5faaca50528eff459a02e0c631f2e

  • SHA256

    b38843c2b94e20796ebf60f7bcdcaf1c844eba470c7bcbe56d0d39fc17c51ec1

  • SHA512

    3efdd2c2519aa6f36c2ca7e5c4e2afc8877544c69c8f3560584cde09c89063642bec2289725fa1cda97683fd20a72f007f0bfdee6276741d9653b098977adc24

  • SSDEEP

    49152:sZfICio2RCV0sGbGVdylWojqkraXkFyWa+tdTeOWpNBRdL2PbX+tRs2v7cnio6v0:sC4yGVyvaXkyWa+tMOWLFEQfHdn5

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif

Targets

    • Target

      2024-02-18_7a244ee41ee9ec8e9db66897bac70fca_magniber

    • Size

      4.1MB

    • MD5

      7a244ee41ee9ec8e9db66897bac70fca

    • SHA1

      3b7e3a2f19a5faaca50528eff459a02e0c631f2e

    • SHA256

      b38843c2b94e20796ebf60f7bcdcaf1c844eba470c7bcbe56d0d39fc17c51ec1

    • SHA512

      3efdd2c2519aa6f36c2ca7e5c4e2afc8877544c69c8f3560584cde09c89063642bec2289725fa1cda97683fd20a72f007f0bfdee6276741d9653b098977adc24

    • SSDEEP

      49152:sZfICio2RCV0sGbGVdylWojqkraXkFyWa+tdTeOWpNBRdL2PbX+tRs2v7cnio6v0:sC4yGVyvaXkyWa+tMOWLFEQfHdn5

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks