General

  • Target

    ac4e56085160ca3ea595cfc621a8b1af

  • Size

    164KB

  • Sample

    240228-tp63caga3s

  • MD5

    ac4e56085160ca3ea595cfc621a8b1af

  • SHA1

    99e114c0482aeebdb099826f98313df2d9e38d15

  • SHA256

    dbf67a312305a90db8818f2109ac9fd83332464e8a190be55f79743785681cd0

  • SHA512

    6155a457188ce8f9bbd8f878165d6dd1500fa87c09cf87235e6325140bbf760764ae48cad32cd56569872ad631b8f84247018127fdabf7a796556bec45539af6

  • SSDEEP

    3072:Z1y/oV76xgx1bWEctMk5lUzD6NvAvaCZ3HpmbjuQWz4D:3yrQ9Hc15lUzmJAS4HIbqS

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/
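The extracted config above is only useful once it is turned into something that can be matched against telemetry. The script below is an added example, not part of the sandbox report: it parses the listed C2 URLs into IP and domain indicators, expands each domain to its registrable form so that sibling hosts in the same zone also match (an assumption of this example, not something the report states), runs the result over a few constructed proxy log lines in a made-up `timestamp src method url status` format, and checks a file's MD5/SHA1/SHA256 against the report's hashes. SSDEEP is left out because it needs the `ssdeep` library.

```python
"""Turn the extracted Sality config into matchable IOCs.

Added example. The URLs and hashes are copied from the report; the log
format, the log lines and the registrable-domain expansion are this
example's own assumptions.
"""
import hashlib
import ipaddress
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
    "http://klkjwre77638dfqwieuoi888.info/",
]

# File hashes from the report (SSDEEP omitted; it needs a separate library).
SAMPLE_HASHES = {
    "md5": "ac4e56085160ca3ea595cfc621a8b1af",
    "sha1": "99e114c0482aeebdb099826f98313df2d9e38d15",
    "sha256": "dbf67a312305a90db8818f2109ac9fd83332464e8a190be55f79743785681cd0",
}

# Constructed proxy log lines: "<ts> <src> <method> <url> <status>".
LOG_LINES = [
    "2024-02-28T14:03:11Z 10.0.0.7 GET http://kukutrustnet777.info/home.gif 200",
    "2024-02-28T14:03:12Z 10.0.0.7 GET http://89.119.67.154/testo5/ 404",
    "2024-02-28T14:03:15Z 10.0.0.9 GET http://cdn.example.com/update.bin 200",
    "2024-02-28T14:03:20Z 10.0.0.7 GET http://KLKJWRE9FQWIELUOI.INFO/ 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_hosts(urls):
    """Split the URL list into (ip_set, domain_set).

    Each domain is stored as listed and also as its last two labels
    (assumption: every listed domain is a plain second-level .info name),
    so 'www.' and other subdomains of the same zone match too.
    """
    ips, domains = set(), set()
    for url in urls:
        host = urlparse(url).hostname
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            host = host.lower()
            domains.add(host)
            domains.add(".".join(host.split(".")[-2:]))
    return ips, domains


def host_matches(host, ips, domains):
    """True if host is a listed IP, a listed domain, or a subdomain of one."""
    host = host.lower().rstrip(".")
    if host in ips:
        return True
    parts = host.split(".")
    return any(".".join(parts[i:]) in domains for i in range(len(parts)))


def scan_proxy_log(lines, urls=C2_URLS):
    """Return (ts, src, host) for every log line whose host is a C2 IOC.

    Lines that do not fit the assumed format are skipped, not treated as hits.
    """
    ips, domains = c2_hosts(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        host = urlparse(m["url"]).hostname or ""
        if host_matches(host, ips, domains):
            hits.append((m["ts"], m["src"], host))
    return hits


def hashes_match(data, known=SAMPLE_HASHES):
    """Compare a file's bytes against each listed digest; a hit on SHA256
    is the one to act on, MD5 alone is weak evidence."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest
            for alg, digest in known.items()}


if __name__ == "__main__":
    for ts, src, host in scan_proxy_log(LOG_LINES):
        print(f"{ts} {src} -> {host}")
```

Three of the four constructed lines hit: the two `kukutrustnet777.info` / `89.119.67.154` requests and the upper-cased `KLKJWRE9FQWIELUOI.INFO` one, which matches because the `www.` entry was also stored as its registrable domain. Only the `sha256` entry of `hashes_match` should drive a verdict; the MD5 is kept solely because the report lists it.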

Targets

    • Target

      ac4e56085160ca3ea595cfc621a8b1af

    • Size

      164KB

    • MD5

      ac4e56085160ca3ea595cfc621a8b1af

    • SHA1

      99e114c0482aeebdb099826f98313df2d9e38d15

    • SHA256

      dbf67a312305a90db8818f2109ac9fd83332464e8a190be55f79743785681cd0

    • SHA512

      6155a457188ce8f9bbd8f878165d6dd1500fa87c09cf87235e6325140bbf760764ae48cad32cd56569872ad631b8f84247018127fdabf7a796556bec45539af6

    • SSDEEP

      3072:Z1y/oV76xgx1bWEctMk5lUzD6NvAvaCZ3HpmbjuQWz4D:3yrQ9Hc15lUzmJAS4HIbqS

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Windows security modification

    • Checks whether UAC is enabled
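The signatures above name the behaviours (Registry Editor and Task Manager disabled via the registry, UAC checked and bypassed) but not the values involved. The script below is an added example, not part of the report: it parses a Windows `.reg` export of the kind `reg export` or regedit writes and flags the policy values those behaviours normally go through. The value names `DisableRegistryTools`, `DisableTaskMgr` and `EnableLUA` under the `Policies\System` keys are the standard locations for these settings and are this example's assumption about what the signatures refer to; the export text itself is constructed.

```python
"""Triage a .reg export for the policy values behind the report's
'Disables RegEdit', 'Disables Task Manager' and UAC signatures.

Added example. The value names are the standard ones for these behaviours
and are an assumption, not something the report states; the export is
constructed.
"""
import re

# Constructed export in the format `reg export` / regedit produces.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
"""

# (key path suffix, value name, benign value, meaning of a deviation)
CHECKS = [
    (r"\Policies\System", "DisableRegistryTools", 0, "Registry Editor disabled"),
    (r"\Policies\System", "DisableTaskMgr", 0, "Task Manager disabled"),
    (r"\Policies\System", "EnableLUA", 1, "UAC turned off"),
]

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')


def parse_reg(text):
    """Return {key_path: {value_name: value}} for a .reg export.

    dword values become ints and quoted strings lose their quotes; any
    other type (hex:, multi-line binary, @ default values) is left as raw
    text or skipped, which is enough for the policy checks.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            val = m["val"]
            if val.startswith("dword:"):
                val = int(val[len("dword:"):], 16)
            elif len(val) >= 2 and val.startswith('"') and val.endswith('"'):
                val = val[1:-1]
            keys[current][m["name"]] = val
    return keys


def find_policy_tampering(text, checks=CHECKS):
    """Return (key, value_name, observed, meaning) for every check whose
    value is present under a matching key and differs from the benign one."""
    hits = []
    for key, values in parse_reg(text).items():
        for suffix, name, benign, meaning in checks:
            if (key.lower().endswith(suffix.lower())
                    and name in values and values[name] != benign):
                hits.append((key, name, values[name], meaning))
    return hits


if __name__ == "__main__":
    for key, name, observed, meaning in find_policy_tampering(REG_EXPORT):
        print(f"{meaning}: {key}\\{name} = {observed}")
```

On the constructed export all three checks fire. Absence of a value is not reported as a hit, since a missing `DisableTaskMgr` is the normal state; only an explicit non-benign value counts. An HKCU hit applies to the exported user's profile only, so export each profile's hive when triaging a shared host.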

MITRE ATT&CK Enterprise v15

Tasks