General

  • Target

    7cba69a1e9801e9c4024f08237ffd7fc6d0f2fcb015e869d5bc5310390c78b5a

  • Size

    2.7MB

  • Sample

    240218-t2tmsacf82

  • MD5

    338326774a9efd69c10cf7526a098f43

  • SHA1

    d6de994e8d86a0e33765aa7ee5a0133de227540f

  • SHA256

    7cba69a1e9801e9c4024f08237ffd7fc6d0f2fcb015e869d5bc5310390c78b5a

  • SHA512

    bff2c2408bb8c46fbd04a39b917e8e8e86277257719a573ae6a9c82be7c030622ca1ce895d31a239dd760af9830d8ea1725609ecef9792ee324d7bc9492d30a4

  • SSDEEP

    49152:GyG3tQ7ZMxg0K/th7KV8gbXHA/nTJF6f:Gy37R2g/nTJF2

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
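The hashes and C2 URLs above are only useful once they are matched against something. The following Python is an added example, not part of the sandbox report: it verifies a candidate file against the listed MD5/SHA1/SHA256/SHA512 values, splits the SSDEEP signature into its block size and digests (which decides whether two fuzzy hashes are even comparable), and scans web-proxy log lines for requests to the extracted C2 hosts. The hash values and URLs are copied from this report; the Squid-style log format and the sample log lines are constructed for illustration.

```python
"""Operationalize the IOCs from the Sality sandbox report: hash verification,
SSDEEP parsing, and C2 matching over proxy log lines."""
import hashlib
import io
import re
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "338326774a9efd69c10cf7526a098f43",
    "sha1": "d6de994e8d86a0e33765aa7ee5a0133de227540f",
    "sha256": "7cba69a1e9801e9c4024f08237ffd7fc6d0f2fcb015e869d5bc5310390c78b5a",
    "sha512": "bff2c2408bb8c46fbd04a39b917e8e8e86277257719a573ae6a9c82be7c030622"
              "ca1ce895d31a239dd760af9830d8ea1725609ecef9792ee324d7bc9492d30a4",
}
REPORT_SSDEEP = "49152:GyG3tQ7ZMxg0K/th7KV8gbXHA/nTJF6f:Gy37R2g/nTJF2"

# C2 URLs copied from the report's Malware Config section.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
# Match on hostname, not full URL: a beacon to another path on the same host still counts.
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}


def hash_stream(fh, chunk_size=1 << 20):
    """Compute all four digests in one pass, in chunks, so a multi-MB sample
    is never fully loaded into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def matches_report(digests, expected=REPORT_HASHES):
    """True only if every listed digest matches. A partial match means the
    file on disk is not the artifact the report describes."""
    return all(digests.get(k, "").lower() == v for k, v in expected.items())


def parse_ssdeep(sig):
    """Split 'blocksize:chunk:double_chunk' into its three parts."""
    block, chunk, double_chunk = sig.split(":", 2)
    return int(block), chunk, double_chunk


def ssdeep_comparable(sig_a, sig_b):
    """SSDEEP only scores two signatures whose block sizes are equal or
    differ by exactly one factor of two; anything else is a guaranteed 0."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


# Assumed Squid native access-log layout (constructed, not from the report):
# timestamp elapsed client action/code bytes method URL ident hierarchy type
LOG_LINE = re.compile(
    r"^\S+\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample log lines: one benign request and three C2 contacts.
SAMPLE_LOG = [
    "1708264800.123 210 10.0.0.15 TCP_MISS/200 4021 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1708264801.456 95 10.0.0.15 TCP_MISS/200 1234 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1708264802.789 130 10.0.0.22 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1708264803.001 60 10.0.0.31 TCP_MISS/200 2048 GET http://kukutrustnet888.info/other.php - HIER_DIRECT/203.0.113.6 text/html",
]


def find_c2_hits(log_lines):
    """Return (client, url) for each request whose host is a report C2."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        host = urlparse(m.group("url")).hostname
        if host and host.lower() in C2_HOSTS:
            hits.append((m.group("client"), m.group("url")))
    return hits


if __name__ == "__main__":
    print("ssdeep:", parse_ssdeep(REPORT_SSDEEP))
    for client, url in find_c2_hits(SAMPLE_LOG):
        print(f"C2 contact from {client}: {url}")
```

Run `hash_file(path)` on a quarantined copy and feed the result to `matches_report`; all four digests must agree before the rest of this report is taken as describing that file. Hostname matching is deliberate: Sality's URL paths vary between campaigns while the domains and IP are the stable part of this report's indicators.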

Targets

    • Target

      7cba69a1e9801e9c4024f08237ffd7fc6d0f2fcb015e869d5bc5310390c78b5a

    • Size

      2.7MB

    • MD5

      338326774a9efd69c10cf7526a098f43

    • SHA1

      d6de994e8d86a0e33765aa7ee5a0133de227540f

    • SHA256

      7cba69a1e9801e9c4024f08237ffd7fc6d0f2fcb015e869d5bc5310390c78b5a

    • SHA512

      bff2c2408bb8c46fbd04a39b917e8e8e86277257719a573ae6a9c82be7c030622ca1ce895d31a239dd760af9830d8ea1725609ecef9792ee324d7bc9492d30a4

    • SSDEEP

      49152:GyG3tQ7ZMxg0K/th7KV8gbXHA/nTJF6f:Gy37R2g/nTJF2

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor and polymorphic file infector written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
