General

  • Target

    9af5c4863d1747d97a83f7c457b775c0628d78b5015c210d4d1d5aa762c3231b

  • Size

    734KB

  • Sample

    240219-1d4leadf3z

  • MD5

    b6810135a71c8f9c8eef35b4e3f33783

  • SHA1

    2dc5b02ab4a386556ac998d6e93f868d2a62ee0c

  • SHA256

    9af5c4863d1747d97a83f7c457b775c0628d78b5015c210d4d1d5aa762c3231b

  • SHA512

    84e53ce568d0888b3706c79a519197fdd6a6293129e3555534fe96020f1f39b7e21a1804952642edc3d3e8461c04348a3b9434682c54a3cfe8e6e52df04f6249

  • SSDEEP

    12288:KrrCWYeYynJpT6qdogI3+wAOVCDxs2m8Eu56+iZQDncyCIOZEMs6+2zKbn57y+hN:iGynHtEu0tJ39lKleASGBRhGj6R43U7

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15