General

  • Target

    af492da2c51de029e11b1984346ae0b8

  • Size

    413KB

  • Sample

    240229-x43j9aaf76

  • MD5

    af492da2c51de029e11b1984346ae0b8

  • SHA1

    298dbac0f69d0cecb70c974027dc213435cb7741

  • SHA256

    456073d5f1409baccc84109621090e54b60c4baac1d20baccf66791679205d49

  • SHA512

    575a4f4d9e7d3568073e67dae09da211f9933e41499f20286d257c613460e403466d09eebeac1d7e37b9e54425e0e6b1140be3ff98d1c1a378d3b72360ac26c8

  • SSDEEP

    3072:Fu45knVZlO52+XgTTSjMSw4IjmUquWRjVfDs8YzECM6cc7q:g6kLlO5JXgTTSjm4ISFPFVfsLM6cgq

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      af492da2c51de029e11b1984346ae0b8

    • Size

      413KB

    • MD5

      af492da2c51de029e11b1984346ae0b8

    • SHA1

      298dbac0f69d0cecb70c974027dc213435cb7741

    • SHA256

      456073d5f1409baccc84109621090e54b60c4baac1d20baccf66791679205d49

    • SHA512

      575a4f4d9e7d3568073e67dae09da211f9933e41499f20286d257c613460e403466d09eebeac1d7e37b9e54425e0e6b1140be3ff98d1c1a378d3b72360ac26c8

    • SSDEEP

      3072:Fu45knVZlO52+XgTTSjMSw4IjmUquWRjVfDs8YzECM6cc7q:g6kLlO5JXgTTSjm4ISFPFVfsLM6cgq

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks