General

  • Target

    9b6e294fadfac37abccde79a2dc6cbdbc57b893525fd9fafaefa26338737ce55

  • Size

    2.7MB

  • Sample

    240220-sfnzqsag59

  • MD5

    e02f04f199248382c385d93e1ed0badb

  • SHA1

    26551bc90c04891319c86d9684f2a5843ef66e41

  • SHA256

    9b6e294fadfac37abccde79a2dc6cbdbc57b893525fd9fafaefa26338737ce55

  • SHA512

    6b90f714cc2bf25d51344a4cb29066a40b033ac425865384af55b37fba6bdd446d0d400ac305f91108b9084f1c3303831a6f95be99fe9c1601422a3979ada2d9

  • SSDEEP

    49152:6t8MGGGN/DJAyC4yHJvu/wRwAjGeRj54r8:s8MGGGZlAyCPVuMG

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks