General

  • Target

    2024-02-18_fcb0f73744fbe3b939ea16f7689d7fbf_magniber

  • Size

    3.7MB

  • Sample

    240218-p5ldcsag55

  • MD5

    fcb0f73744fbe3b939ea16f7689d7fbf

  • SHA1

    8d3aca27f39c77f455cd8c275aee62085b7ac888

  • SHA256

    9991134a71335447e338802861c282a5d9d1d60052dd7f64b158e1c204a5a878

  • SHA512

    8959ef3addf987887f53942fc1380d205ce35f4c9c02efcbb4ed3992eebf5c5560864fd44df27f27038ee2681d3387e9cb272883c41723b89f82c0f91561b50d

  • SSDEEP

    49152:ogUU6MQiAYyjja2vI6qi4gHRG/M0qaQyHlQh4FUe4xGTQt9SwhJ6Yp2Nz/J0Dfo:34M7AYcja2A6+gH84xGTQt9SG+N

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
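The hashes in the General section and the C2 URLs above are the indicators a responder actually consumes. The following Python script is an added example and is not part of the sandbox report: it copies the report's digests and C2 URLs as constants, hashes a file with every algorithm the report lists (comparing all of them rather than MD5 alone), and scans proxy log lines for exact-host matches against the C2 list. The log format and the log lines are constructed for the demonstration; the lookalike host in the last line is not an indicator from the report and is there only to show that a near-miss does not match.

```python
"""IOC matcher for the indicators in this report.

Added example, not part of the sandbox report: the hashes and C2 URLs
below are copied from the report; the log format, log lines and file
contents used for demonstration are constructed.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report (General / Malware Config sections).
REPORT_HASHES = {
    "md5": "fcb0f73744fbe3b939ea16f7689d7fbf",
    "sha1": "8d3aca27f39c77f455cd8c275aee62085b7ac888",
    "sha256": "9991134a71335447e338802861c282a5d9d1d60052dd7f64b158e1c204a5a878",
    "sha512": "8959ef3addf987887f53942fc1380d205ce35f4c9c02efcbb4ed3992eebf5c55"
              "60864fd44df27f27038ee2681d3387e9cb272883c41723b89f82c0f91561b50d",
}
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return all four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as hash_bytes but streams the file, since samples can be large."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest present agrees with the report.

    Comparing every algorithm rather than MD5 alone matters because MD5
    collisions are practical: two different files can share an MD5 but
    will not also share a SHA-256.
    """
    common = set(digests) & set(expected)
    return bool(common) and all(
        digests[k].lower() == expected[k].lower() for k in common)


def find_c2_hits(log_text: str) -> list:
    """Scan constructed proxy log lines of the form
        '<timestamp> <client_ip> <method> <url> <status>'
    and return (line_no, client_ip, host, url) for every request whose
    host exactly matches a C2 host from the report.
    """
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line; skip rather than guess
        client_ip, url = parts[1], parts[3]
        host = urlsplit(url).hostname  # already lowercased by urlsplit
        if host and host in C2_HOSTS:
            hits.append((line_no, client_ip, host, url))
    return hits


# Constructed proxy log: two hits, one benign request, and one lookalike
# host that is NOT in the report and therefore must not match.
SAMPLE_LOG = """\
2024-02-18T10:01:02Z 10.0.0.5 GET http://www.example.com/index.html 200
2024-02-18T10:01:09Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200
2024-02-18T10:01:10Z 10.0.0.5 POST http://89.119.67.154/testo5/ 200
2024-02-18T10:02:44Z 10.0.0.7 GET http://kukutrustnet999.info/home.gif 404
"""

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
    # Constructed stand-in for the sample; use hash_file(path) on a real file.
    print("matches report:", matches_report(hash_bytes(b"not the sample")))
```

Run `hash_file("<path to sample>")` and pass the result to `matches_report` before trusting that a file on disk is the sample this report describes. The SSDEEP value is deliberately left out of the comparison: fuzzy hashes are for similarity scoring, not identity, and need the `ssdeep` library rather than `hashlib`.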

Targets

    • Target

      2024-02-18_fcb0f73744fbe3b939ea16f7689d7fbf_magniber

    • Size

      3.7MB

    • MD5

      fcb0f73744fbe3b939ea16f7689d7fbf

    • SHA1

      8d3aca27f39c77f455cd8c275aee62085b7ac888

    • SHA256

      9991134a71335447e338802861c282a5d9d1d60052dd7f64b158e1c204a5a878

    • SHA512

      8959ef3addf987887f53942fc1380d205ce35f4c9c02efcbb4ed3992eebf5c5560864fd44df27f27038ee2681d3387e9cb272883c41723b89f82c0f91561b50d

    • SSDEEP

      49152:ogUU6MQiAYyjja2vI6qi4gHRG/M0qaQyHlQh4FUe4xGTQt9SwhJ6Yp2Nz/J0Dfo:34M7AYcja2A6+gH84xGTQt9SG+N

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks