General

  • Target

    f55b4ad27fd94b0aaa08dd111af7f6c0b49086b756fb216ca5662d4dc733ddb5

  • Size

    4.0MB

  • Sample

    240221-jd83fsdd57

  • MD5

    d820d74021ee80017eaa4166497d2b51

  • SHA1

    2a7e80596843c7def38ec827e9c2843f1d2593af

  • SHA256

    f55b4ad27fd94b0aaa08dd111af7f6c0b49086b756fb216ca5662d4dc733ddb5

  • SHA512

    a9b414b40b25d518e465fc4d8bdd4ff082e08c5d21966f8acf0a93f6367fc48adb123c5e0a82560bf39e91d2abf42336ffcea9a045e252658ef01b3ec96104c4

  • SSDEEP

    49152:7YbVtuKvKlSA+n32pWx43UxThfAToiqScjc3tus:7+tvgz+n32kCUxT6og

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
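The four C2 URLs above are the actionable output of the config extraction. The script below is an added example, not part of the sandbox report: it reduces the URLs to host-level indicators (the host survives a path change such as testo5/ versus home.gif, and a subdomain match catches the same zone) and runs them over a few constructed proxy log lines. The log format and the client addresses are made up for the example.

```python
"""Added example: turn the extracted Sality C2 URLs into host indicators
and match them against proxy log lines.  The log lines are constructed."""
import ipaddress
from urllib.parse import urlparse

# C2 URLs exactly as extracted in the report's Malware Config section.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def c2_hosts(urls):
    """Return the set of lowercased hostnames / IPs found in the C2 URLs.
    Matching on the host rather than the full URL still fires when a later
    sample uses a different path on the same infrastructure."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_ip(host):
    """True for a literal IPv4/IPv6 address, False for a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# Constructed proxy log (not from the report): "client dest_host path status".
SAMPLE_LOG = """\
10.0.0.5 www.example.com /index.html 200
10.0.0.7 kukutrustnet777.info /home.gif 200
10.0.0.9 KUKUTRUSTNET888.INFO /home.gif 404
10.0.0.5 89.119.67.154 /testo5/ 200
10.0.0.6 update.microsoft.com /v9/ 200
10.0.0.7 mail.kukutrustnet987.info /home.gif 200
"""


def match_log(log_text, urls=C2_URLS):
    """Return (client, dest_host) pairs for every line whose destination is a
    C2 host or a subdomain of a C2 domain.  Comparison is case-insensitive;
    subdomain matching is only applied to DNS names, never to IP literals."""
    hosts = c2_hosts(urls)
    domains = {h for h in hosts if not is_ip(h)}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        client, dest = parts[0], parts[1].lower()
        exact = dest in hosts
        sub = any(dest.endswith("." + d) for d in domains)
        if exact or sub:
            hits.append((client, dest))
    return hits


if __name__ == "__main__":
    for client, dest in match_log(SAMPLE_LOG):
        print(f"{client} contacted Sality C2 host {dest}")
```

A hit on the IP literal deserves separate handling from the domain hits: the three kukutrustnet domains can be blocked as zones, while the IP should be checked against current ownership before blocking, since shared hosting changes hands.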

Targets

    • Target

      f55b4ad27fd94b0aaa08dd111af7f6c0b49086b756fb216ca5662d4dc733ddb5


    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003. It is best known as a polymorphic file infector that spreads by infecting executables and via removable media, and infected hosts join a peer-to-peer botnet from which the C2 URLs above are fetched.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: the MBR bootstrap code runs at power-on before the OS loader, so it survives reinstallation of OS files and is invisible to in-OS integrity checks.
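The "Writes to the Master Boot Record" signature is the one a responder should verify on disk rather than trust from the sandbox alone. The script below is an added example, not part of the report or of any sandbox tooling: it parses a 512-byte MBR image, checks the 0x55AA boot signature, hashes the 446-byte bootstrap code area against a known-good baseline, and sanity-checks the partition table. Both MBR images it tests are constructed in the script (a clean one and the same disk after a hypothetical bootkit overwrote the code area); the baseline hash is derived from the constructed clean image.

```python
"""Added example: offline integrity check of a 512-byte MBR image for the
changes a bootkit makes.  The MBR images below are constructed, not real."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 446        # bytes 0..445: bootstrap code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the code
BOOT_SIG = b"\x55\xAA"     # bytes 510..511
# Partition entry: status(1) CHS-start(3) type(1) CHS-end(3) lba-start(4) sectors(4)
PART_FMT = "<B3xB3xII"


def parse_mbr(mbr):
    """Return signature validity, SHA-256 of the bootstrap code and the four
    partition entries decoded from a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIG,
        "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr, known_good_sha256):
    """Return a list of findings; an empty list means nothing suspicious.
    known_good_sha256 is the bootstrap hash taken from a trusted image of the
    same disk (or the OS vendor's stock MBR code)."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha256"] != known_good_sha256:
        findings.append("bootstrap code differs from known-good image")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) > 1:
        findings.append("more than one active partition")
    for p in info["partitions"]:
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append("non-empty partition entry with zero length")
    return findings


def build_mbr(bootstrap, partitions):
    """Assemble a 512-byte MBR from a bootstrap blob and up to four
    (status, type, lba_start, sectors) tuples.  Used to construct test data."""
    code = bootstrap[:BOOTSTRAP_LEN].ljust(BOOTSTRAP_LEN, b"\x00")
    table = b"".join(struct.pack(PART_FMT, *p) for p in partitions)
    return code + table.ljust(64, b"\x00") + BOOT_SIG


# Constructed clean disk: one bootable NTFS (0x07) partition at LBA 2048.
CLEAN_CODE = b"\xEB\x3C\x90" + b"CLEAN-BOOT-CODE".ljust(443, b"\x90")
CLEAN_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 2048, 1_000_000)])
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOTSTRAP_LEN]).hexdigest()

# Same partition table, but the code area has been replaced (hypothetical bootkit).
HOOKED_CODE = b"\xEB\x3C\x90" + b"HOOKED".ljust(443, b"\xCC")
INFECTED_MBR = build_mbr(HOOKED_CODE, [(0x80, 0x07, 2048, 1_000_000)])


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(image, BASELINE_SHA256) or "ok")
```

On a live system the 512 bytes come from the raw device (\\.\PhysicalDrive0 on Windows, /dev/sda on Linux, read as Administrator/root), but the comparison is only trustworthy when the bytes are read from a trusted environment: a bootkit that hooks disk I/O can return the clean sector to the infected OS, so image the disk offline or from a boot medium before comparing.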

MITRE ATT&CK Enterprise v15

Tasks