General

  • Target

    2024-02-18_cdbcdbd65c050c549f99dfb4b8efbf47_magniber

  • Size

    4.3MB

  • Sample

    240218-pyxg2saa91

  • MD5

    cdbcdbd65c050c549f99dfb4b8efbf47

  • SHA1

    035df815fe26fac70a98376e6a5c14fe2c90c929

  • SHA256

    b2196f6ee218510726c1b482949455c937fc841656df9284403d14217c30d807

  • SHA512

    06cc9713603b6589f4683afa9893095b17c8cfefc635c3b3faac61593fc71f5ca75f0825684dc59b64a628afc9403f7995acdb1cf771bf16660c9a0aff15218f

  • SSDEEP

    98304:QsbltXkUt8hD37ZerXSFSYGBDVfSXNiu0fEL8G+:DJtpadS2xlkueEL8v

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      2024-02-18_cdbcdbd65c050c549f99dfb4b8efbf47_magniber

    • Size

      4.3MB

    • MD5

      cdbcdbd65c050c549f99dfb4b8efbf47

    • SHA1

      035df815fe26fac70a98376e6a5c14fe2c90c929

    • SHA256

      b2196f6ee218510726c1b482949455c937fc841656df9284403d14217c30d807

    • SHA512

      06cc9713603b6589f4683afa9893095b17c8cfefc635c3b3faac61593fc71f5ca75f0825684dc59b64a628afc9403f7995acdb1cf771bf16660c9a0aff15218f

    • SSDEEP

      98304:QsbltXkUt8hD37ZerXSFSYGBDVfSXNiu0fEL8G+:DJtpadS2xlkueEL8v

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks