General

  • Target

    af70fcf0d4032564a34f82a4cda2ae87

  • Size

    160KB

  • Sample

    240229-znf3escc2s

  • MD5

    af70fcf0d4032564a34f82a4cda2ae87

  • SHA1

    ee316a23ecbb38933e0900da3f6db73470f664f5

  • SHA256

    108e554f9a900d232f2156033cd9339f1316843befbeaf809f3bdb9186b6970e

  • SHA512

    7715435ec4872a1fb2beec46eedf10cf37ffef6a0cb9a5c07956e6636b5f19e34b3597befe8f5cf98c2ae1e0ca5488fca88f3fe2349fa8a9e5214ed26d3c5366

  • SSDEEP

    3072:JP24nrk3mmJ+4o4W4IeooDto6djDcOIjNE+y78Z+C6Pr+HFkYI:JbUo4W4Iey2oNi78ZR6PyHFLI

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      af70fcf0d4032564a34f82a4cda2ae87

    • Size

      160KB

    • MD5

      af70fcf0d4032564a34f82a4cda2ae87

    • SHA1

      ee316a23ecbb38933e0900da3f6db73470f664f5

    • SHA256

      108e554f9a900d232f2156033cd9339f1316843befbeaf809f3bdb9186b6970e

    • SHA512

      7715435ec4872a1fb2beec46eedf10cf37ffef6a0cb9a5c07956e6636b5f19e34b3597befe8f5cf98c2ae1e0ca5488fca88f3fe2349fa8a9e5214ed26d3c5366

    • SSDEEP

      3072:JP24nrk3mmJ+4o4W4IeooDto6djDcOIjNE+y78Z+C6Pr+HFkYI:JbUo4W4Iey2oNi78ZR6PyHFLI

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Target

      $PLUGINSDIR/Dialer.dll

    • Size

      3KB

    • MD5

      7666a3ea04037ba2f04512879cf7ae9e

    • SHA1

      5622855c42657d8a4ffc2ad87bbf06d0218ccfe6

    • SHA256

      4742cddec8e5e059ca106fb85f6a2dc690c18461b4cde07b36aa2b25c6e3f2c9

    • SHA512

      16e7d4f5cae64da54eda4f9a89e2214f9ad0c7fb8d2173fb1a807fe52180284ad8e834f447720a2d4c4e0ff996cac6ce6c7a6275b4eb66eebb81905b3f6052da

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      7e49eb67f1f3c62bb8c4b0a868b30645

    • SHA1

      2be42e3c6059485bc3b624a537ab1fb36a10a263

    • SHA256

      17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae

    • SHA512

      469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e

    • SSDEEP

      192:/6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTSK72dwF7dBdcQOz:/6JaVh4I5rpPbTS+BdhO

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallerHelperPlugin.dll

    • Size

      49KB

    • MD5

      52a442935d96e94c780ca616feed71f3

    • SHA1

      45e3d0af4e7582a0241433de6a73571100334b83

    • SHA256

      ea67e8f37654c7278903c73d62fbc8ec183881ab32feee5e2109c84715e63ecc

    • SHA512

      289accf4ae88bd34f02577d7f1339a551c5e2230c354663c616a887f1c54630e044e7be2ae68035ff660d75eaa1e313c3aad35f1548a0b16842da7d7375f199e

    • SSDEEP

      768:TWcIgKCbS2OAjFeiIWPwEPBRXkDYGzLk14IAm5oYKLPK:Kc3KqS2OXWXoDUZ587K

    • Score

      1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      de86f5220bcbbac420fc4f6166bb2d91

    • SHA1

      d0d52fdacbcffe0058cedfc20cf5108475033f5d

    • SHA256

      7f3057abae7e8b5b91a35fbb23897657accb8c724e923d5d4a0e9208ca09c445

    • SHA512

      d22f7807037c410427518891dee5dd535361df514ce0980a654d99d32f369b5e9c2059bc5930d807e93ebb3b7741d09466dd87bb796256daf9d8a630280fbe99

    • SSDEEP

      192:mO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1afgMO:DKAFERdlxhGRYUzqZaf

    • Score

      3/10

MITRE ATT&CK Enterprise v15