General

  • Target

    a99595031f6da7a6f76386fe29a05c42

  • Size

    100KB

  • Sample

    240227-tmlnmade72

  • MD5

    a99595031f6da7a6f76386fe29a05c42

  • SHA1

    b1ed40adead0dcf16187696b5cab5741635075f3

  • SHA256

    0706035353c5c12b7f4e8b27a867aff947f9ec078fe328cb643f365cddea81d6

  • SHA512

    9ec81a0ba3cff917242c0836fa0400bddf04571c5623b3f1c71e65b06229eb7859d4a0cb55cabef6e177272210227865d8f720afc7aad67a5ee596fdf29e2589

  • SSDEEP

    1536:rxrRnQdlVV0pblSGdfe0DG6vvpqWo3QRIGEhFxFVNdFsGM0LUgOQ1fdKCGJG3h:D6lopZdmaxno3WIGEnxzG4UgOpCGc

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      a99595031f6da7a6f76386fe29a05c42

    • Size

      100KB

    • MD5

      a99595031f6da7a6f76386fe29a05c42

    • SHA1

      b1ed40adead0dcf16187696b5cab5741635075f3

    • SHA256

      0706035353c5c12b7f4e8b27a867aff947f9ec078fe328cb643f365cddea81d6

    • SHA512

      9ec81a0ba3cff917242c0836fa0400bddf04571c5623b3f1c71e65b06229eb7859d4a0cb55cabef6e177272210227865d8f720afc7aad67a5ee596fdf29e2589

    • SSDEEP

      1536:rxrRnQdlVV0pblSGdfe0DG6vvpqWo3QRIGEhFxFVNdFsGM0LUgOQ1fdKCGJG3h:D6lopZdmaxno3WIGEnxzG4UgOpCGc

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks