General

  • Target: ab8d2773f9d2da28831852dc326d2520

  • Size: 167KB

  • Sample: 240228-lcd7ssgb69

  • MD5: ab8d2773f9d2da28831852dc326d2520

  • SHA1: c02e4ef5dea3335dfc2d50d0f9e22ddd9c5c8812

  • SHA256: e793eb150901472e73c8ffedf7ac402df4a9d10b6d6cac0d1612b2924a14f0c1

  • SHA512: bc916f41a2ed08c9dc4933dee31ea00848b5dc8bad5df5df640d73f89aff6cf786c3a76435c0b7f26ed662a6200113f9eafc5faa46dbd8b2b489fb80eefcd190

  • SSDEEP: 3072:jYNQKPWDyWRefVJltZrpRl1P3yi/PUVAiIwwXWo3rQ:8NSDyWRO1thpoOPUVowwG+

Malware Config

Extracted

Family: sality

C2:

  • http://89.119.67.154/testo5/

  • http://kukutrustnet777.info/home.gif

  • http://kukutrustnet888.info/home.gif

  • http://kukutrustnet987.info/home.gif

Targets

    • Sality: Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • UPX packed file: Detects executables packed with the UPX or a modified UPX open-source packer.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks