General

  • Target

    fe0a4d4d23c9ead2f100e760c344b321

  • Size

    4.5MB

  • Sample

    240301-ajhm1sgd71

  • MD5

    fe0a4d4d23c9ead2f100e760c344b321

  • SHA1

    54c04b4c665ebadb6a29681dc9a3b74252859821

  • SHA256

    4ef81e73170ec1138c62bd807d111c6cfa97d548772be19c707b22c3f256b8b6

  • SHA512

    f8b689daf9923efe1af8d52b557c1d2c1833dbbf536ef9b8ff11083f5ceb452b9c4d5d979f450a3627ba1967654ac8e6736036e77ff9da55c88e568282d32518

  • SSDEEP

    98304:2pf+3/59VHTRTboT7ei/HoF2SHpcBsP3F:KwJlcneQHoF2IpOs9

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
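The extracted configuration above gives exact-match indicators: four file digests (in the General section) and four C2 URLs. The Python below is an added example, not part of the sandbox report, showing how a responder would turn them into checks: hashing a candidate file against the report's digests and matching proxy log lines against the C2 hosts (exact host match, so look-alike domains such as a subdomain of an unrelated zone do not fire). The proxy log lines and their "client method url status" format are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# File digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "fe0a4d4d23c9ead2f100e760c344b321",
    "sha1": "54c04b4c665ebadb6a29681dc9a3b74252859821",
    "sha256": "4ef81e73170ec1138c62bd807d111c6cfa97d548772be19c707b22c3f256b8b6",
    "sha512": "f8b689daf9923efe1af8d52b557c1d2c1833dbbf536ef9b8ff11083f5ceb452b"
              "9c4d5d979f450a3627ba1967654ac8e6736036e77ff9da55c88e568282d32518",
}

# C2 URLs copied from the extracted Sality config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]


def c2_hosts(urls=C2_URLS):
    """Reduce the C2 URLs to the set of hostnames/IPs to match on."""
    return {urlsplit(u).hostname.lower() for u in urls}


def hash_bytes(data):
    """Compute every digest the report lists for the given file contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data, report=REPORT_HASHES):
    """Return the algorithms whose digest of `data` equals the report's value.

    All four should agree for the real sample; a partial match (e.g. MD5 only)
    would point at a collision or a transcription error rather than the sample.
    """
    digests = hash_bytes(data)
    return sorted(alg for alg, h in digests.items() if h == report[alg])


# Constructed proxy log lines for the example (assumed format, not from the report):
# "<client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
10.0.0.12 GET http://kukutrustnet777.info/home.gif 200
10.0.0.12 GET http://KUKUTRUSTNET888.INFO/home.gif 200
10.0.0.33 GET http://example.com/index.html 200
10.0.0.45 GET http://89.119.67.154/testo5/ 404
10.0.0.50 GET http://kukutrustnet777.info.example.net/ 200
"""

LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$")


def c2_hits(log_text, urls=C2_URLS):
    """Return (client, host) pairs for log lines whose URL host is a known C2.

    Matching is on the exact hostname (case-insensitive), so a look-alike such as
    kukutrustnet777.info.example.net does not match; a 404 still counts, since the
    beacon attempt itself is the indicator, not the server's answer.
    """
    hosts = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        host = urlsplit(m["url"]).hostname
        if host and host.lower() in hosts:
            hits.append((m["client"], host.lower()))
    return hits


if __name__ == "__main__":
    for client, host in c2_hits(SAMPLE_PROXY_LOG):
        print(f"C2 contact: {client} -> {host}")
    print("report match:", matches_report(b"not the sample"))
```

To check a file on disk, pass its bytes to `matches_report`; the SSDEEP value from the report is not covered here because fuzzy hashing needs the `ssdeep` library, which is not in the standard library.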

Targets

    • Target

      fe0a4d4d23c9ead2f100e760c344b321

    • Size

      4.5MB

    • MD5

      fe0a4d4d23c9ead2f100e760c344b321

    • SHA1

      54c04b4c665ebadb6a29681dc9a3b74252859821

    • SHA256

      4ef81e73170ec1138c62bd807d111c6cfa97d548772be19c707b22c3f256b8b6

    • SHA512

      f8b689daf9923efe1af8d52b557c1d2c1833dbbf536ef9b8ff11083f5ceb452b9c4d5d979f450a3627ba1967654ac8e6736036e77ff9da55c88e568282d32518

    • SSDEEP

      98304:2pf+3/59VHTRTboT7ei/HoF2SHpcBsP3F:KwJlcneQHoF2IpOs9

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks