General

  • Target

    aad50955611b85c545b165d067ed599c

  • Size

    278KB

  • Sample

    240228-dh2ahshh35

  • MD5

    aad50955611b85c545b165d067ed599c

  • SHA1

    b58e36d1f2a059c4b8a435abbfc475042a08730d

  • SHA256

    44eb401df1af1febbc63df572534d65a5c597f57861fb1310f7e3f56e9604c74

  • SHA512

    998e9fbec32881b012ff802cfc3500464f83291693dca29840488db69f0f394cb634190458653bf2c48540916e893bec6636bbe82ee9df2b5060b666547e3961

  • SSDEEP

    6144:k1TrhLIsmHJomDuECgOuaAexQhXOVLwPy5NXUuyARS50oJ0b23DbhyuPK:KrhLNmpomDuE79BUQQVGyNlo1pS

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks