General

  • Target

    af27429232165364f492a770d047f67e

  • Size

    97KB

  • Sample

    240229-wykxkshc66

  • MD5

    af27429232165364f492a770d047f67e

  • SHA1

    70597906ecd88b179a0df122e47c0e1cdd46bddb

  • SHA256

    9f0b563be30fff07e0a6da52be625b9209af63444cd8b28a6e6534cba8e209c3

  • SHA512

    716c604a5984f59d0cc426b543c8b70393c98c861148700fa8721b0ffa5b582d2e5b4f42e78a636295e2de377414b35fe4acf686c5093fb97f5f04e4366fb32b

  • SSDEEP

    1536:ZjXBYxwVCbg++vZiDcbw0NFlCcA+ZO/yEIY49622f2wbd:5XtVCb3+vZiQ00NFlCr2avV22f2k

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      af27429232165364f492a770d047f67e

    • Size

      97KB

    • MD5

      af27429232165364f492a770d047f67e

    • SHA1

      70597906ecd88b179a0df122e47c0e1cdd46bddb

    • SHA256

      9f0b563be30fff07e0a6da52be625b9209af63444cd8b28a6e6534cba8e209c3

    • SHA512

      716c604a5984f59d0cc426b543c8b70393c98c861148700fa8721b0ffa5b582d2e5b4f42e78a636295e2de377414b35fe4acf686c5093fb97f5f04e4366fb32b

    • SSDEEP

      1536:ZjXBYxwVCbg++vZiDcbw0NFlCcA+ZO/yEIY49622f2wbd:5XtVCb3+vZiQ00NFlCr2avV22f2k

    • Modifies firewall policy service

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks