General

  • Target

    18c879b11fa83d12fd6c6eb8a1c94b7beb0bb6c1d835da20a6dd73e808aa3968

  • Size

    2.3MB

  • Sample

    240220-sdvphaab6x

  • MD5

    546872a89304878011e77f2c701d49fb

  • SHA1

    997975da31104e251c299c300039c928c4fe9b69

  • SHA256

    18c879b11fa83d12fd6c6eb8a1c94b7beb0bb6c1d835da20a6dd73e808aa3968

  • SHA512

    7769f5c0b041f1f2809e7a860930327ff6f77513f3d0de791d48ce1a3e93b1b02ede4a0953acda416820b15ac6e588f8c7b7101cbedb9a39e6a30dfc0adc5bb3

  • SSDEEP

    49152:BLDG5Gyz75LYZKbY+WNojkCNEerPAPO19RE5fCm:BLDG5vz75LgKbYVYkAkPOo

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      18c879b11fa83d12fd6c6eb8a1c94b7beb0bb6c1d835da20a6dd73e808aa3968

    • Size

      2.3MB

    • MD5

      546872a89304878011e77f2c701d49fb

    • SHA1

      997975da31104e251c299c300039c928c4fe9b69

    • SHA256

      18c879b11fa83d12fd6c6eb8a1c94b7beb0bb6c1d835da20a6dd73e808aa3968

    • SHA512

      7769f5c0b041f1f2809e7a860930327ff6f77513f3d0de791d48ce1a3e93b1b02ede4a0953acda416820b15ac6e588f8c7b7101cbedb9a39e6a30dfc0adc5bb3

    • SSDEEP

      49152:BLDG5Gyz75LYZKbY+WNojkCNEerPAPO19RE5fCm:BLDG5vz75LgKbYVYkAkPOo

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks