General

  • Target

    ac0d90faaa148c44a13fbc136efacbefa1e5752f1e5938db4dcb689604fedd96

  • Size

    9.5MB

  • Sample

    240221-kg2cfsdh35

  • MD5

    f70a8ec57bdef1a3e01fd6b9f453e121

  • SHA1

    dcbbb48bebfa193f559b7fe85769f39be99f67a4

  • SHA256

    ac0d90faaa148c44a13fbc136efacbefa1e5752f1e5938db4dcb689604fedd96

  • SHA512

    5e72dd4c8968226e451e49a3a8b93bef963dbe4d5a0fa92ec38e0fc55a1834d1456655b01f6175117b9fc9dbff924286a804abf7ce7d0eb193ea8416ef8afa3c

  • SSDEEP

    196608:2WIHKtE+3uWvprwpJmT687bAYvMxH2BIQ4klUJ/8+Up3m:2GF3DM/mO8nAYvo2CQ4klUapW

Malware Config

Extracted

Family

sality

C2


Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15