General

  • Target

    ab867943697e1c416ef0ac79f4a39a10

  • Size

    832KB

  • Sample

    240228-k4l62sfh6t

  • MD5

    ab867943697e1c416ef0ac79f4a39a10

  • SHA1

    7068d9b8fe2cafb549d87690f897fd6fa02fe9c6

  • SHA256

    848f35a88d997305b003d262f278fd710c3496faebadf2e28843b9d2ffe55052

  • SHA512

    9fc575af6dccb34a6a12b54212ed4f466e3dbb8dc039284401908b4a579d9c5d319436c47956493614d0dd1247ab959acdadc6f371ff89bda57e7837138875f0

  • SSDEEP

    24576:gUFa7K4Jy/fVtktVGPrfO/WxvaXUTcLHFpSYiVtktVGPrfO/WDW:ZqMlSyfO/WxyXukHFISyfO/Wi

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks